diff --git a/sdk/authorization/arm-authorization/recordings/node/authorization_test/recording_roledefinitions_create_test.json b/sdk/authorization/arm-authorization/recordings/node/authorization_test/recording_roledefinitions_create_test.json new file mode 100644 index 000000000000..e11a459b0604 --- /dev/null +++ b/sdk/authorization/arm-authorization/recordings/node/authorization_test/recording_roledefinitions_create_test.json @@ -0,0 +1,42 @@ +{ + "Entries": [ + { + "RequestUri": "https://management.azure.com/subscriptions/azure_subscription_id/resourcegroups/myjstest/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId?api-version=2022-04-01", + "RequestMethod": "PUT", + "RequestHeaders": { + "Accept": "application/json", + "Accept-Encoding": "gzip,deflate", + "Authorization": "Sanitized", + "Connection": "keep-alive", + "Content-Length": "2", + "Content-Type": "application/json", + "User-Agent": "azsdk-js-arm-authorization/9.0.0 core-rest-pipeline/1.10.4 Node/v16.17.0 OS/(x64-Windows_NT-10.0.22621)", + "x-ms-client-request-id": "47b5b8f1-aa2b-47c4-b22a-4cbe96a1c6b1" + }, + "RequestBody": {}, + "StatusCode": 403, + "ResponseHeaders": { + "Cache-Control": "no-cache", + "Connection": "close", + "Content-Length": "481", + "Content-Type": "application/json; charset=utf-8", + "Date": "Mon, 24 Apr 2023 02:48:10 GMT", + "Expires": "-1", + "Pragma": "no-cache", + "Strict-Transport-Security": "max-age=31536000; includeSubDomains", + "X-Content-Type-Options": "nosniff", + "x-ms-correlation-request-id": "0eafd7d8-b5d1-4f89-8aa3-a6b4e30cbc26", + "x-ms-failure-cause": "gateway", + "x-ms-request-id": "0eafd7d8-b5d1-4f89-8aa3-a6b4e30cbc26", + "x-ms-routing-request-id": "SOUTHEASTASIA:20230424T024811Z:0eafd7d8-b5d1-4f89-8aa3-a6b4e30cbc26" + }, + "ResponseBody": { + "error": { + "code": "AuthorizationFailed", + "message": "The client \u0027c4e92f5c-3a0d-4845-aacc-5ac8a7905cdf\u0027 with object id \u0027c4e92f5c-3a0d-4845-aacc-5ac8a7905cdf\u0027 does not have authorization to perform action \u0027Microsoft.Authorization/roleDefinitions/write\u0027 over scope \u0027/subscriptions/azure_subscription_id/resourcegroups/myjstest/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId\u0027 or the scope is invalid. If access was recently granted, please refresh your credentials." + } + } + } + ], + "Variables": {} +} diff --git a/sdk/authorization/arm-authorization/recordings/node/authorization_test/recording_roledefinitions_delete_test.json b/sdk/authorization/arm-authorization/recordings/node/authorization_test/recording_roledefinitions_delete_test.json new file mode 100644 index 000000000000..6fc18265ffef --- /dev/null +++ b/sdk/authorization/arm-authorization/recordings/node/authorization_test/recording_roledefinitions_delete_test.json @@ -0,0 +1,40 @@ +{ + "Entries": [ + { + "RequestUri": "https://management.azure.com/subscriptions/azure_subscription_id/resourcegroups/myjstest/providers/Microsoft.Authorization/roleDefinitions/resourcetest?api-version=2022-04-01", + "RequestMethod": "DELETE", + "RequestHeaders": { + "Accept": "application/json", + "Accept-Encoding": "gzip,deflate", + "Authorization": "Sanitized", + "Connection": "keep-alive", + "User-Agent": "azsdk-js-arm-authorization/9.0.0 core-rest-pipeline/1.10.4 Node/v16.17.0 OS/(x64-Windows_NT-10.0.22621)", + "x-ms-client-request-id": "c4607a24-1279-4eb9-8752-3552777047c4" + }, + "RequestBody": null, + "StatusCode": 403, + "ResponseHeaders": { + "Cache-Control": "no-cache", + "Connection": "close", + "Content-Length": "478", + "Content-Type": "application/json; charset=utf-8", + "Date": "Mon, 24 Apr 2023 02:48:14 GMT", + "Expires": "-1", + "Pragma": "no-cache", + "Strict-Transport-Security": "max-age=31536000; includeSubDomains", + "X-Content-Type-Options": "nosniff", + "x-ms-correlation-request-id": "d3c76448-fa86-4ab4-81d4-28403176dd09", + "x-ms-failure-cause": "gateway", + "x-ms-request-id": "d3c76448-fa86-4ab4-81d4-28403176dd09", + "x-ms-routing-request-id": "SOUTHEASTASIA:20230424T024814Z:d3c76448-fa86-4ab4-81d4-28403176dd09" + }, + "ResponseBody": { + "error": { + "code": "AuthorizationFailed", + "message": "The client \u0027c4e92f5c-3a0d-4845-aacc-5ac8a7905cdf\u0027 with object id \u0027c4e92f5c-3a0d-4845-aacc-5ac8a7905cdf\u0027 does not have authorization to perform action \u0027Microsoft.Authorization/roleDefinitions/delete\u0027 over scope \u0027/subscriptions/azure_subscription_id/resourcegroups/myjstest/providers/Microsoft.Authorization/roleDefinitions/resourcetest\u0027 or the scope is invalid. If access was recently granted, please refresh your credentials." + } + } + } + ], + "Variables": {} +} diff --git a/sdk/authorization/arm-authorization/recordings/node/authorization_test/recording_roledefinitions_get_test.json b/sdk/authorization/arm-authorization/recordings/node/authorization_test/recording_roledefinitions_get_test.json new file mode 100644 index 000000000000..1dcbf3650d5f --- /dev/null +++ b/sdk/authorization/arm-authorization/recordings/node/authorization_test/recording_roledefinitions_get_test.json @@ -0,0 +1,40 @@ +{ + "Entries": [ + { + "RequestUri": "https://management.azure.com/subscriptions/azure_subscription_id/resourcegroups/myjstest/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId?api-version=2022-04-01", + "RequestMethod": "GET", + "RequestHeaders": { + "Accept": "application/json", + "Accept-Encoding": "gzip,deflate", + "Authorization": "Sanitized", + "Connection": "keep-alive", + "User-Agent": "azsdk-js-arm-authorization/9.0.0 core-rest-pipeline/1.10.4 Node/v16.17.0 OS/(x64-Windows_NT-10.0.22621)", + "x-ms-client-request-id": "9734aea1-47de-44e9-907c-a33bd6aa32cb" + }, + "RequestBody": null, + "StatusCode": 400, + "ResponseHeaders": { + "Cache-Control": "no-cache", + "Content-Length": "112", + "Content-Type": "application/json; charset=utf-8", + "Date": "Mon, 24 Apr 2023 02:48:12 GMT", + "Expires": "-1", + "Pragma": "no-cache", + "Set-Cookie": "x-ms-gateway-slice=Production; path=/; secure; samesite=none; httponly", + "Strict-Transport-Security": "max-age=31536000; includeSubDomains", + "X-Content-Type-Options": "nosniff", + "x-ms-correlation-request-id": "c9bffb34-2ece-4828-b8c9-1c6e3618cc6c", + "x-ms-ratelimit-remaining-subscription-reads": "11999", + "x-ms-request-id": "e73b8b6f-98fe-495b-a0d5-3655ebbf8157", + "x-ms-routing-request-id": "SOUTHEASTASIA:20230424T024812Z:c9bffb34-2ece-4828-b8c9-1c6e3618cc6c" + }, + "ResponseBody": { + "error": { + "code": "InvalidRoleDefinitionId", + "message": "The role definition ID \u0027roleDefinitionId\u0027 is not valid." + } + } + } + ], + "Variables": {} +} diff --git a/sdk/authorization/arm-authorization/recordings/node/authorization_test/recording_roledefinitions_list_test.json b/sdk/authorization/arm-authorization/recordings/node/authorization_test/recording_roledefinitions_list_test.json new file mode 100644 index 000000000000..a94fa1719fbc --- /dev/null +++ b/sdk/authorization/arm-authorization/recordings/node/authorization_test/recording_roledefinitions_list_test.json @@ -0,0 +1,15452 @@ +{ + "Entries": [ + { + "RequestUri": "https://management.azure.com/subscriptions/azure_subscription_id/resourcegroups/myjstest/providers/Microsoft.Authorization/roleDefinitions?api-version=2022-04-01", + "RequestMethod": "GET", + "RequestHeaders": { + "Accept": "application/json", + "Accept-Encoding": "gzip,deflate", + "Authorization": "Sanitized", + "Connection": "keep-alive", + "User-Agent": "azsdk-js-arm-authorization/9.0.0 core-rest-pipeline/1.10.4 Node/v16.17.0 OS/(x64-Windows_NT-10.0.22621)", + "x-ms-client-request-id": "e602a22a-3ad2-4a4e-b343-492f0d9ba7ed" + }, + "RequestBody": null, + "StatusCode": 200, + "ResponseHeaders": { + "Cache-Control": "no-cache", + "Content-Encoding": "gzip", + "Content-Type": "application/json; charset=utf-8", + "Date": "Mon, 24 Apr 2023 02:58:50 GMT", + "Expires": "-1", + "Pragma": "no-cache", + "Set-Cookie": "x-ms-gateway-slice=Production; path=/; secure; samesite=none; httponly", + "Strict-Transport-Security": "max-age=31536000; includeSubDomains", + "Transfer-Encoding": "chunked", + "Vary": "Accept-Encoding", + "X-Content-Type-Options": "nosniff", + "x-ms-correlation-request-id": "a7af4264-6d34-4dbb-916e-e68e0642fd39", + "x-ms-ratelimit-remaining-subscription-reads": "11999", + "x-ms-request-id": "16551b6d-aa74-4ba8-a117-758a4c62fef5", + "x-ms-routing-request-id": "SOUTHEASTASIA:20230424T025851Z:a7af4264-6d34-4dbb-916e-e68e0642fd39" + }, + "ResponseBody": { + "value": [ + { + "properties": { + "roleName": "Avere Cluster Create", + "type": "CustomRole", + "description": "Avere cluster create role used by the Avere controller to create a vFXT cluster.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Authorization/roleAssignments/*", + "Microsoft.Authorization/roleDefinitions/*", + "Microsoft.Compute/*/read", + "Microsoft.Compute/availabilitySets/*", + "Microsoft.Compute/virtualMachines/*", + "Microsoft.Network/*/read", + "Microsoft.Network/networkInterfaces/*", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/virtualNetworks/subnets/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/subscriptions/resourceGroups/resources/read", + "Microsoft.Storage/*/read", + "Microsoft.Storage/storageAccounts/listKeys/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-11-29T18:46:55.0492387Z", + "updatedOn": "2018-11-29T18:46:55.0492387Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a7b1b19a-0e83-4fe5-935c-faaefbfd18c3", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a7b1b19a-0e83-4fe5-935c-faaefbfd18c3" + }, + { + "properties": { + "roleName": "Avere Cluster Runtime Operator", + "type": "CustomRole", + "description": "Avere cluster runtime role used by Avere clusters running in subscriptions, for the purpose of failing over IP addresses, accessing BLOB storage, etc", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Network/networkInterfaces/read", + "Microsoft.Network/networkInterfaces/write", + "Microsoft.Network/virtualNetworks/subnets/read", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/networkSecurityGroups/join/action", + "Microsoft.Network/routeTables/read", + "Microsoft.Network/routeTables/routes/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/delete", + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/write" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-08-26T00:41:26.2170858Z", + "updatedOn": "2018-08-26T00:41:26.2170858Z", + "createdBy": "dda50086-5e3d-4a4b-b8bc-f54771104d89", + "updatedBy": "dda50086-5e3d-4a4b-b8bc-f54771104d89" + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e078ab98-ef3a-4c9a-aba7-12f5172b45d0", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e078ab98-ef3a-4c9a-aba7-12f5172b45d0" + }, + { + "properties": { + "roleName": "Azure Service Deploy Release Management Contributor", + "type": "CustomRole", + "description": "Contributor role for services deploying through Azure Service Deploy.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*" + ], + "notActions": [ + "Microsoft.Authorization/*/Delete", + "Microsoft.Authorization/*/Write" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-02-04T02:26:31.5413362Z", + "updatedOn": "2018-01-08T20:20:16.3660174Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/21d96096-b162-414a-8302-d8354f9d91b2", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "21d96096-b162-414a-8302-d8354f9d91b2" + }, + { + "properties": { + "roleName": "CAL-Custom-Role", + "type": "CustomRole", + "description": "Lets SAP Cloud Appliance Library application manage Network and Compute services, manage Resource Groups and Management locks.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/locks/*", + "Microsoft.Authorization/roleDefinitions/*", + "Microsoft.Authorization/roleAssignments/*", + "Microsoft.Compute/*", + "Microsoft.Network/*", + "Microsoft.Resources/*", + "Microsoft.Storage/*", + "Microsoft.ContainerService/*", + "Microsoft.ContainerRegistry/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-05-14T19:30:51.0664585Z", + "updatedOn": "2019-02-19T19:11:57.5963229Z", + "createdBy": "dda50086-5e3d-4a4b-b8bc-f54771104d89", + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7b266cd7-0bba-4ae2-8423-90ede5e1e898", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7b266cd7-0bba-4ae2-8423-90ede5e1e898" + }, + { + "properties": { + "roleName": "Dsms Role (deprecated)", + "type": "CustomRole", + "description": "Custom role used by Dsms to perform operations. Can list and regnerate storage account keys.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ClassicStorage/storageAccounts/listKeys/action", + "Microsoft.ClassicStorage/storageAccounts/regenerateKey/action", + "Microsoft.Storage/storageAccounts/listkeys/action", + "Microsoft.Storage/storageAccounts/regeneratekey/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-05-17T18:02:11.1225951Z", + "updatedOn": "2018-01-13T00:21:52.7211696Z", + "createdBy": "ca5f3715-e7dd-427b-b2db-45b6a4a2df87", + "updatedBy": "ca5f3715-e7dd-427b-b2db-45b6a4a2df87" + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b91f4c0b-46e3-47bb-a242-eecfe23b3b5b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b91f4c0b-46e3-47bb-a242-eecfe23b3b5b" + }, + { + "properties": { + "roleName": "Dsms Role (do not use)", + "type": "CustomRole", + "description": "Custom role used by Dsms to perform operations. Can list and regnerate storage account keys.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ClassicStorage/storageAccounts/listKeys/action", + "Microsoft.ClassicStorage/storageAccounts/regenerateKey/action", + "Microsoft.Storage/storageAccounts/listkeys/action", + "Microsoft.Storage/storageAccounts/regeneratekey/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-02-01T07:56:12.5880222Z", + "updatedOn": "2018-08-09T17:53:48.5432297Z", + "createdBy": "becb4b6b-fe16-413b-a5c3-90355e0b2982", + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7aff565e-6c55-448d-83db-ccf482c6da2f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7aff565e-6c55-448d-83db-ccf482c6da2f" + }, + { + "properties": { + "roleName": "ExpressRoute Administrator", + "type": "CustomRole", + "description": "Can create, delete and manage ExpressRoutes", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/locks/*", + "Microsoft.Authorization/policyAssignments/*", + "Microsoft.Authorization/policyDefinitions/*", + "Microsoft.Authorization/roleAssignments/*", + "Microsoft.ClassicNetwork/*", + "Microsoft.EventGrid/*", + "Microsoft.Insights/*", + "Microsoft.Network/*", + "Microsoft.Resources/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-08-31T03:51:32.2843055Z", + "updatedOn": "2019-03-20T22:55:18.8222085Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a48d7896-14b4-4889-afef-fbb65a96e5a2", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a48d7896-14b4-4889-afef-fbb65a96e5a2" + }, + { + "properties": { + "roleName": "GenevaWarmPathResourceContributor", + "type": "CustomRole", + "description": "Can manage service bus and storage accounts.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.EventHub/namespaces/*", + "Microsoft.Resources/subscriptions/resourceGroups/*", + "Microsoft.ServiceBus/namespaces/*", + "Microsoft.Storage/storageAccounts/*", + "Microsoft.Storage/storageAccounts/managementPolicies/write", + "Microsoft.Storage/storageAccounts/managementPolicies/read", + "Microsoft.Storage/storageAccounts/managementPolicies/delete" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-03-14T22:30:10.1999436Z", + "updatedOn": "2022-02-28T23:26:40.0052537Z", + "createdBy": null, + "updatedBy": "acis" + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/9f15f5f5-77bd-413a-aa88-4b9c68b1e7bc", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "9f15f5f5-77bd-413a-aa88-4b9c68b1e7bc" + }, + { + "properties": { + "roleName": "masterreader", + "type": "CustomRole", + "description": "Lets you view everything, but not make any changes.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-11-14T23:38:05.3353858Z", + "updatedOn": "2017-11-14T23:38:05.3353858Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a48d7796-14b4-4889-afef-fbb65a93e5a2", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a48d7796-14b4-4889-afef-fbb65a93e5a2" + }, + { + "properties": { + "roleName": "Microsoft OneAsset Reader", + "type": "CustomRole", + "description": "This role is for Microsoft OneAsset team (CSEO) to track internal security compliance and resource utilization.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Compute/virtualMachines/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-03-27T23:51:08.6333052Z", + "updatedOn": "2019-04-02T20:35:43.3396263Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/fd1bb084-1503-4bd2-99c0-630220046786", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "fd1bb084-1503-4bd2-99c0-630220046786" + }, + { + "properties": { + "roleName": "Office DevOps", + "type": "CustomRole", + "description": "Custom access for developers to operations but not secrets.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Compute/virtualMachineScaleSets/restart/action", + "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/restart/action", + "Microsoft.Sql/servers/databases/replicationLinks/delete", + "Microsoft.Sql/servers/databases/replicationLinks/failover/action", + "Microsoft.Sql/servers/databases/replicationLinks/forceFailoverAllowDataLoss/action", + "Microsoft.Sql/servers/databases/replicationLinks/operationResults/read", + "Microsoft.Sql/servers/databases/replicationLinks/read", + "Microsoft.Sql/servers/databases/replicationLinks/unlink/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-10-07T08:11:46.1639398Z", + "updatedOn": "2017-03-16T18:43:08.3234306Z", + "createdBy": "25aea6be-b605-4347-a92d-33e178e412ec", + "updatedBy": "25aea6be-b605-4347-a92d-33e178e412ec" + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7fd64851-3279-459b-b614-e2b2ba760f5b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7fd64851-3279-459b-b614-e2b2ba760f5b" + }, + { + "properties": { + "roleName": "GenevaWarmPathStorageBlobContributor", + "type": "CustomRole", + "description": "Geneva Warm Path Storage Blob Contributor", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/delete", + "Microsoft.Storage/storageAccounts/blobServices/containers/lease/action", + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/write", + "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/lock/action", + "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/write", + "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/extend/action", + "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/delete", + "Microsoft.Storage/storageAccounts/managementPolicies/write", + "Microsoft.Storage/storageAccounts/managementPolicies/read", + "Microsoft.Storage/storageAccounts/managementPolicies/delete" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-12-06T22:46:27.1365630Z", + "updatedOn": "2022-02-28T23:26:40.4152515Z", + "createdBy": null, + "updatedBy": "acis" + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a16c43ca-2d67-4dcd-9ded-6412f5edc51a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a16c43ca-2d67-4dcd-9ded-6412f5edc51a" + }, + { + "properties": { + "roleName": "Azure Service Deploy Release Management Restricted Owner", + "type": "CustomRole", + "description": "Restricted owner role for services deploying through Azure Service Deploy.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*" + ], + "notActions": [ + "Microsoft.Authorization/*/Delete", + "Microsoft.Authorization/*/Write" + ], + "dataActions": [], + "notDataActions": [] + }, + { + "actions": [ + "Microsoft.Authorization/roleAssignments/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + }, + { + "actions": [ + "Microsoft.Authorization/locks/write", + "Microsoft.Authorization/policyassignments/write", + "Microsoft.Authorization/policydefinitions/write", + "Microsoft.Authorization/policysetdefinitions/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-03-07T22:16:06.8803898Z", + "updatedOn": "2022-03-07T22:16:06.8803898Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/94ddc4bc-25f5-4f3e-b527-c587da93cfe4", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "94ddc4bc-25f5-4f3e-b527-c587da93cfe4" + }, + { + "properties": { + "roleName": "Azure Service Deploy Test Release Management Key Vault Secrets User", + "type": "CustomRole", + "description": "Read secret and certificate contents. Only works for key vaults that use the \u0027Azure role-based access control\u0027 permission model.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.KeyVault/vaults/secrets/getSecret/action", + "Microsoft.KeyVault/vaults/certificates/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-07-20T22:52:19.9944274Z", + "updatedOn": "2022-08-31T23:25:32.0649353Z", + "createdBy": "19669f00-ee56-44ec-94c3-83159a41292e", + "updatedBy": "19669f00-ee56-44ec-94c3-83159a41292e" + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/87d31636-ad85-4caa-802d-1535972b5612", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "87d31636-ad85-4caa-802d-1535972b5612" + }, + { + "properties": { + "roleName": "Azure Service Deploy Release Management Key Vault Secrets User", + "type": "CustomRole", + "description": "Read secret and certificate contents. Only works for key vaults that use the \u0027Azure role-based access control\u0027 permission model.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.KeyVault/vaults/secrets/getSecret/action", + "Microsoft.KeyVault/vaults/certificates/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-08-02T21:14:21.3331588Z", + "updatedOn": "2022-09-10T00:44:34.5904437Z", + "createdBy": "19669f00-ee56-44ec-94c3-83159a41292e", + "updatedBy": "19669f00-ee56-44ec-94c3-83159a41292e" + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/260691e6-68c2-47cf-bd4a-97d5fd4dbcd5", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "260691e6-68c2-47cf-bd4a-97d5fd4dbcd5" + }, + { + "properties": { + "roleName": "AzSecPackUAPolicyResourceContributorCorpProd", + "type": "CustomRole", + "description": "Resource contributor role for allowing the AzSecPack Policy to create and add user assigned identity to VM and VMSS resources.", + "assignableScopes": [ + "/providers/microsoft.management/managementGroups/CnAIOrchestrationServicePublicCorpprod" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action", + "Microsoft.ManagedIdentity/userAssignedIdentities/write", + "Microsoft.ManagedIdentity/userAssignedIdentities/read", + "Microsoft.Resources/subscriptions/resourceGroups/write", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Compute/virtualMachineScaleSets/write", + "Microsoft.Compute/virtualMachineScaleSets/read", + "Microsoft.Compute/virtualMachines/write", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Authorization/locks/write", + "Microsoft.Authorization/locks/read", + "Microsoft.Resources/deployments/*", + "Microsoft.ManagedIdentity/register/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-01-30T22:27:31.9638459Z", + "updatedOn": "2021-03-05T21:43:25.6522065Z", + "createdBy": "820ba717-9ea7-4147-bc13-1e35af4cc27c", + "updatedBy": "2ffe2392-0a52-4093-b041-66b10ebc8317" + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/fd6e57ea-fe3c-4f21-bd1e-de170a9a4971", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "fd6e57ea-fe3c-4f21-bd1e-de170a9a4971" + }, + { + "properties": { + "roleName": "AcrPush", + "type": "BuiltInRole", + "description": "acr push", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ContainerRegistry/registries/pull/read", + "Microsoft.ContainerRegistry/registries/push/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-10-29T17:52:32.5201177Z", + "updatedOn": "2021-11-11T20:13:07.4993029Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8311e382-0749-4cb8-b61a-304f252e45ec" + }, + { + "properties": { + "roleName": "API Management Service Contributor", + "type": "BuiltInRole", + "description": "Can manage service and the APIs", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ApiManagement/service/*", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8650193Z", + "updatedOn": "2021-11-11T20:13:08.3179618Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "312a565d-c81f-4fd8-895a-4e21e48d571c" + }, + { + "properties": { + "roleName": "AcrPull", + "type": "BuiltInRole", + "description": "acr pull", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ContainerRegistry/registries/pull/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-10-22T19:01:56.8227182Z", + "updatedOn": "2021-11-11T20:13:08.8779328Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7f951dda-4ed3-4680-a7ca-43fe172d538d" + }, + { + "properties": { + "roleName": "AcrImageSigner", + "type": "BuiltInRole", + "description": "acr image signer", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ContainerRegistry/registries/sign/write" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ContainerRegistry/registries/trustedCollections/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-03-15T23:23:08.4038322Z", + "updatedOn": "2021-11-11T20:13:09.6070759Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "6cef56e8-d556-48e5-a04f-b8e64114680f" + }, + { + "properties": { + "roleName": "AcrDelete", + "type": "BuiltInRole", + "description": "acr delete", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ContainerRegistry/registries/artifacts/delete" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-03-11T20:19:31.6682804Z", + "updatedOn": "2021-11-11T20:13:09.9631744Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11" + }, + { + "properties": { + "roleName": "AcrQuarantineReader", + "type": "BuiltInRole", + "description": "acr quarantine data reader", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ContainerRegistry/registries/quarantine/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ContainerRegistry/registries/quarantinedArtifacts/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-03-16T00:27:39.9596835Z", + "updatedOn": "2021-11-11T20:13:10.3188052Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "cdda3590-29a3-44f6-95f2-9f980659eb04" + }, + { + "properties": { + "roleName": "AcrQuarantineWriter", + "type": "BuiltInRole", + "description": "acr quarantine data writer", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ContainerRegistry/registries/quarantine/read", + "Microsoft.ContainerRegistry/registries/quarantine/write" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ContainerRegistry/registries/quarantinedArtifacts/read", + "Microsoft.ContainerRegistry/registries/quarantinedArtifacts/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-03-16T00:26:37.5871820Z", + "updatedOn": "2021-11-11T20:13:11.3488079Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608" + }, + { + "properties": { + "roleName": "API Management Service Operator Role", + "type": "BuiltInRole", + "description": "Can manage service but not the APIs", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ApiManagement/service/*/read", + "Microsoft.ApiManagement/service/backup/action", + "Microsoft.ApiManagement/service/delete", + "Microsoft.ApiManagement/service/managedeployments/action", + "Microsoft.ApiManagement/service/read", + "Microsoft.ApiManagement/service/restore/action", + "Microsoft.ApiManagement/service/updatecertificate/action", + "Microsoft.ApiManagement/service/updatehostname/action", + "Microsoft.ApiManagement/service/write", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [ + "Microsoft.ApiManagement/service/users/keys/read" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-11-09T00:03:42.1194019Z", + "updatedOn": "2021-11-11T20:13:11.5244023Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61" + }, + { + "properties": { + "roleName": "API Management Service Reader Role", + "type": "BuiltInRole", + "description": "Read-only access to service and APIs", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ApiManagement/service/*/read", + "Microsoft.ApiManagement/service/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [ + "Microsoft.ApiManagement/service/users/keys/read" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-11-09T00:26:45.1540473Z", + "updatedOn": "2021-11-11T20:13:11.8704466Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "71522526-b88f-4d52-b57f-d31fc3546d0d" + }, + { + "properties": { + "roleName": "Application Insights Component Contributor", + "type": "BuiltInRole", + "description": "Can manage Application Insights components", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/generateLiveToken/read", + "Microsoft.Insights/metricAlerts/*", + "Microsoft.Insights/components/*", + "Microsoft.Insights/scheduledqueryrules/*", + "Microsoft.Insights/topology/read", + "Microsoft.Insights/transactions/read", + "Microsoft.Insights/webtests/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:12.6428401Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ae349356-3a1b-4a5e-921d-050484c6347e" + }, + { + "properties": { + "roleName": "Application Insights Snapshot Debugger", + "type": "BuiltInRole", + "description": "Gives user permission to use Application Insights Snapshot Debugger features", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/components/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-04-19T21:25:12.3728747Z", + "updatedOn": "2021-11-11T20:13:13.0034435Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "08954f03-6346-4c2e-81c0-ec3a5cfae23b" + }, + { + "properties": { + "roleName": "Attestation Reader", + "type": "BuiltInRole", + "description": "Can read the attestation provider properties", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Attestation/attestationProviders/attestation/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-03-25T19:42:59.1576710Z", + "updatedOn": "2021-11-11T20:13:13.3634724Z", + "createdBy": null, + "updatedBy": "SYSTEM" + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/fd1bd22b-8476-40bc-a0bc-69b95687b9f3", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "fd1bd22b-8476-40bc-a0bc-69b95687b9f3" + }, + { + "properties": { + "roleName": "Automation Job Operator", + "type": "BuiltInRole", + "description": "Create and Manage Jobs using Automation Runbooks.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read", + "Microsoft.Automation/automationAccounts/jobs/read", + "Microsoft.Automation/automationAccounts/jobs/resume/action", + "Microsoft.Automation/automationAccounts/jobs/stop/action", + "Microsoft.Automation/automationAccounts/jobs/streams/read", + "Microsoft.Automation/automationAccounts/jobs/suspend/action", + "Microsoft.Automation/automationAccounts/jobs/write", + "Microsoft.Automation/automationAccounts/jobs/output/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-04-19T20:52:41.0020018Z", + "updatedOn": "2021-11-11T20:13:13.7065660Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4fe576fe-1146-4730-92eb-48519fa6bf9f" + }, + { + "properties": { + "roleName": "Automation Runbook Operator", + "type": "BuiltInRole", + "description": "Read Runbook properties - to be able to create Jobs of the runbook.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Automation/automationAccounts/runbooks/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-04-19T20:47:49.5640674Z", + "updatedOn": "2021-11-11T20:13:13.8815461Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5" + }, + { + "properties": { + "roleName": "Automation Operator", + "type": "BuiltInRole", + "description": "Automation Operators are able to start, stop, suspend, and resume jobs", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read", + "Microsoft.Automation/automationAccounts/jobs/read", + "Microsoft.Automation/automationAccounts/jobs/resume/action", + "Microsoft.Automation/automationAccounts/jobs/stop/action", + "Microsoft.Automation/automationAccounts/jobs/streams/read", + "Microsoft.Automation/automationAccounts/jobs/suspend/action", + "Microsoft.Automation/automationAccounts/jobs/write", + "Microsoft.Automation/automationAccounts/jobSchedules/read", + "Microsoft.Automation/automationAccounts/jobSchedules/write", + "Microsoft.Automation/automationAccounts/linkedWorkspace/read", + "Microsoft.Automation/automationAccounts/read", + "Microsoft.Automation/automationAccounts/runbooks/read", + "Microsoft.Automation/automationAccounts/schedules/read", + "Microsoft.Automation/automationAccounts/schedules/write", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Automation/automationAccounts/jobs/output/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-08-18T01:05:03.3916130Z", + "updatedOn": "2021-11-11T20:13:14.0515408Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d3881f73-407a-4167-8283-e981cbba0404" + }, + { + "properties": { + "roleName": "Avere Contributor", + "type": "BuiltInRole", + "description": "Can create and manage an Avere vFXT cluster.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Compute/*/read", + "Microsoft.Compute/availabilitySets/*", + "Microsoft.Compute/proximityPlacementGroups/*", + "Microsoft.Compute/virtualMachines/*", + "Microsoft.Compute/disks/*", + "Microsoft.Network/*/read", + "Microsoft.Network/networkInterfaces/*", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/virtualNetworks/subnets/read", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action", + "Microsoft.Network/networkSecurityGroups/join/action", + "Microsoft.Resources/deployments/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Storage/*/read", + "Microsoft.Storage/storageAccounts/*", + "Microsoft.Support/*", + "Microsoft.Resources/subscriptions/resourceGroups/resources/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-03-18T20:00:58.9207889Z", + "updatedOn": "2021-11-11T20:13:14.2265665Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a" + }, + { + "properties": { + "roleName": "Avere Operator", + "type": "BuiltInRole", + "description": "Used by the Avere vFXT cluster to manage the cluster", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Network/networkInterfaces/read", + "Microsoft.Network/networkInterfaces/write", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/virtualNetworks/subnets/read", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/networkSecurityGroups/join/action", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/delete", + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/write" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-03-18T20:02:38.3399857Z", + "updatedOn": "2021-11-11T20:13:15.1065886Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9" + }, + { + "properties": { + "roleName": "Azure Kubernetes Service Cluster Admin Role", + "type": "BuiltInRole", + "description": "List cluster admin credential action.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action", + "Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action", + "Microsoft.ContainerService/managedClusters/read", + "Microsoft.ContainerService/managedClusters/runcommand/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-08-15T21:38:18.5953853Z", + "updatedOn": "2022-05-17T03:53:30.0905246Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8" + }, + { + "properties": { + "roleName": "Azure Kubernetes Service Cluster User Role", + "type": "BuiltInRole", + "description": "List cluster user credential action.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action", + "Microsoft.ContainerService/managedClusters/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-08-15T22:04:53.4037241Z", + "updatedOn": "2021-11-11T20:13:20.4351976Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f" + }, + { + "properties": { + "roleName": "Azure Maps Data Reader", + "type": "BuiltInRole", + "description": "Grants access to read map related data from an Azure maps account.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Maps/accounts/*/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-10-05T19:47:03.4723070Z", + "updatedOn": "2021-11-11T20:13:20.9582685Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa" + }, + { + "properties": { + "roleName": "Azure Stack Registration Owner", + "type": "BuiltInRole", + "description": "Lets you manage Azure Stack registrations.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.AzureStack/edgeSubscriptions/read", + "Microsoft.AzureStack/registrations/products/*/action", + "Microsoft.AzureStack/registrations/products/read", + "Microsoft.AzureStack/registrations/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-11-13T23:42:06.2161827Z", + "updatedOn": "2021-11-11T20:13:23.2957820Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a" + }, + { + "properties": { + "roleName": "Backup Contributor", + "type": "BuiltInRole", + "description": "Lets you manage backup service,but can\u0027t create vaults and give access to others", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.RecoveryServices/locations/*", + "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*", + "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action", + "Microsoft.RecoveryServices/Vaults/backupJobs/*", + "Microsoft.RecoveryServices/Vaults/backupJobsExport/action", + "Microsoft.RecoveryServices/Vaults/backupOperationResults/*", + "Microsoft.RecoveryServices/Vaults/backupPolicies/*", + "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*", + "Microsoft.RecoveryServices/Vaults/backupProtectedItems/*", + "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*", + "Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*", + "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read", + "Microsoft.RecoveryServices/Vaults/certificates/*", + "Microsoft.RecoveryServices/Vaults/extendedInformation/*", + "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read", + "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*", + "Microsoft.RecoveryServices/Vaults/read", + "Microsoft.RecoveryServices/Vaults/registeredIdentities/*", + "Microsoft.RecoveryServices/Vaults/usages/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*", + "Microsoft.RecoveryServices/Vaults/backupconfig/*", + "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action", + "Microsoft.RecoveryServices/Vaults/write", + "Microsoft.RecoveryServices/Vaults/backupOperations/read", + "Microsoft.RecoveryServices/Vaults/backupEngines/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read", + "Microsoft.RecoveryServices/vaults/operationStatus/read", + "Microsoft.RecoveryServices/vaults/operationResults/read", + "Microsoft.RecoveryServices/locations/backupStatus/action", + "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action", + "Microsoft.RecoveryServices/locations/backupValidateFeatures/action", + "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write", + "Microsoft.RecoveryServices/operations/read", + "Microsoft.RecoveryServices/locations/operationStatus/read", + "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read", + "Microsoft.Support/*", + "Microsoft.DataProtection/locations/getBackupStatus/action", + "Microsoft.DataProtection/backupVaults/backupInstances/write", + "Microsoft.DataProtection/backupVaults/backupInstances/delete", + "Microsoft.DataProtection/backupVaults/backupInstances/read", + "Microsoft.DataProtection/backupVaults/backupInstances/read", + "Microsoft.DataProtection/backupVaults/deletedBackupInstances/read", + "Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action", + "Microsoft.DataProtection/backupVaults/backupInstances/backup/action", + "Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action", + "Microsoft.DataProtection/backupVaults/backupInstances/restore/action", + "Microsoft.DataProtection/backupVaults/backupPolicies/write", + "Microsoft.DataProtection/backupVaults/backupPolicies/delete", + "Microsoft.DataProtection/backupVaults/backupPolicies/read", + "Microsoft.DataProtection/backupVaults/backupPolicies/read", + "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read", + "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read", + "Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action", + "Microsoft.DataProtection/backupVaults/write", + "Microsoft.DataProtection/backupVaults/read", + "Microsoft.DataProtection/backupVaults/operationResults/read", + "Microsoft.DataProtection/backupVaults/operationStatus/read", + "Microsoft.DataProtection/locations/checkNameAvailability/action", + "Microsoft.DataProtection/locations/checkFeatureSupport/action", + "Microsoft.DataProtection/backupVaults/read", + "Microsoft.DataProtection/backupVaults/read", + "Microsoft.DataProtection/locations/operationStatus/read", + "Microsoft.DataProtection/locations/operationResults/read", + "Microsoft.DataProtection/backupVaults/validateForBackup/action", + "Microsoft.DataProtection/operations/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-01-03T13:12:15.7321344Z", + "updatedOn": "2023-02-27T16:05:38.7305428Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5e467623-bb1f-42f4-a55d-6e525e11384b" + }, + { + "properties": { + "roleName": "Billing Reader", + "type": "BuiltInRole", + "description": "Allows read access to billing data", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Billing/*/read", + "Microsoft.Commerce/*/read", + "Microsoft.Consumption/*/read", + "Microsoft.Management/managementGroups/read", + "Microsoft.CostManagement/*/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-04-25T02:13:38.9054151Z", + "updatedOn": "2021-11-11T20:13:24.5342563Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64" + }, + { + "properties": { + "roleName": "Backup Reader", + "type": "BuiltInRole", + "description": "Can view backup services, but can\u0027t make changes", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.RecoveryServices/locations/allocatedStamp/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read", + "Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read", + "Microsoft.RecoveryServices/Vaults/backupJobs/read", + "Microsoft.RecoveryServices/Vaults/backupJobsExport/action", + "Microsoft.RecoveryServices/Vaults/backupOperationResults/read", + "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read", + "Microsoft.RecoveryServices/Vaults/backupPolicies/read", + "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read", + "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read", + "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read", + "Microsoft.RecoveryServices/Vaults/extendedInformation/read", + "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read", + "Microsoft.RecoveryServices/Vaults/read", + "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read", + "Microsoft.RecoveryServices/Vaults/registeredIdentities/read", + "Microsoft.RecoveryServices/Vaults/backupstorageconfig/read", + "Microsoft.RecoveryServices/Vaults/backupconfig/read", + "Microsoft.RecoveryServices/Vaults/backupOperations/read", + "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read", + "Microsoft.RecoveryServices/Vaults/backupEngines/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read", + "Microsoft.RecoveryServices/locations/backupStatus/action", + "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*", + "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write", + "Microsoft.RecoveryServices/operations/read", + "Microsoft.RecoveryServices/locations/operationStatus/read", + "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read", + "Microsoft.RecoveryServices/Vaults/usages/read", + "Microsoft.RecoveryServices/locations/backupValidateFeatures/action", + "Microsoft.RecoveryServices/locations/backupCrrJobs/action", + "Microsoft.RecoveryServices/locations/backupCrrJob/action", + "Microsoft.RecoveryServices/locations/backupCrrOperationResults/read", + "Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read", + "Microsoft.DataProtection/locations/getBackupStatus/action", + "Microsoft.DataProtection/backupVaults/backupInstances/write", + "Microsoft.DataProtection/backupVaults/backupInstances/read", + "Microsoft.DataProtection/backupVaults/deletedBackupInstances/read", + "Microsoft.DataProtection/backupVaults/backupInstances/backup/action", + "Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action", + "Microsoft.DataProtection/backupVaults/backupInstances/restore/action", + "Microsoft.DataProtection/backupVaults/backupPolicies/read", + "Microsoft.DataProtection/backupVaults/backupPolicies/read", + "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read", + "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read", + "Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action", + "Microsoft.DataProtection/backupVaults/read", + "Microsoft.DataProtection/backupVaults/operationResults/read", + "Microsoft.DataProtection/backupVaults/operationStatus/read", + "Microsoft.DataProtection/backupVaults/read", + "Microsoft.DataProtection/backupVaults/read", + "Microsoft.DataProtection/locations/operationStatus/read", + "Microsoft.DataProtection/locations/operationResults/read", + "Microsoft.DataProtection/backupVaults/validateForBackup/action", + "Microsoft.DataProtection/operations/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-01-03T13:18:41.3893065Z", + "updatedOn": "2022-10-14T11:00:55.4737513Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a795c7a0-d4a2-40c1-ae25-d81f01202912" + }, + { + "properties": { + "roleName": "Blockchain Member Node Access (Preview)", + "type": "BuiltInRole", + "description": "Allows for access to Blockchain Member nodes", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Blockchain/blockchainMembers/transactionNodes/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-12-21T10:33:01.9604839Z", + "updatedOn": "2021-11-11T20:13:25.0558920Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24" + }, + { + "properties": { + "roleName": "BizTalk Contributor", + "type": "BuiltInRole", + "description": "Lets you manage BizTalk services, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.BizTalkServices/BizTalk/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:25.2359269Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5e3c6656-6cfa-4708-81fe-0de47ac73342", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5e3c6656-6cfa-4708-81fe-0de47ac73342" + }, + { + "properties": { + "roleName": "CDN Endpoint Contributor", + "type": "BuiltInRole", + "description": "Can manage CDN endpoints, but can\u2019t grant access to other users.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Cdn/edgenodes/read", + "Microsoft.Cdn/operationresults/*", + "Microsoft.Cdn/profiles/endpoints/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-01-23T02:48:46.4996252Z", + "updatedOn": "2021-11-11T20:13:25.4059314Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45" + }, + { + "properties": { + "roleName": "CDN Profile Contributor", + "type": "BuiltInRole", + "description": "Can manage CDN profiles and their endpoints, but can\u2019t grant access to other users.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Cdn/edgenodes/read", + "Microsoft.Cdn/operationresults/*", + "Microsoft.Cdn/profiles/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-01-23T02:48:46.4996252Z", + "updatedOn": "2021-11-11T20:13:25.9224344Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ec156ff8-a8d1-4d15-830c-5b80698ca432" + }, + { + "properties": { + "roleName": "CDN Profile Reader", + "type": "BuiltInRole", + "description": "Can view CDN profiles and their endpoints, but can\u2019t make changes.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Cdn/edgenodes/read", + "Microsoft.Cdn/operationresults/*", + "Microsoft.Cdn/profiles/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-01-23T02:48:46.4996252Z", + "updatedOn": "2021-11-11T20:13:26.0983652Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8f96442b-4075-438f-813d-ad51ab4019af" + }, + { + "properties": { + "roleName": "Classic Network Contributor", + "type": "BuiltInRole", + "description": "Lets you manage classic networks, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.ClassicNetwork/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:26.4433301Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f" + }, + { + "properties": { + "roleName": "Classic Storage Account Contributor", + "type": "BuiltInRole", + "description": "Lets you manage classic storage accounts, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.ClassicStorage/storageAccounts/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:26.6183566Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25" + }, + { + "properties": { + "roleName": "Classic Storage Account Key Operator Service Role", + "type": "BuiltInRole", + "description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ClassicStorage/storageAccounts/listkeys/action", + "Microsoft.ClassicStorage/storageAccounts/regeneratekey/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-04-13T18:22:52.1461100Z", + "updatedOn": "2021-11-11T20:13:26.9796021Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d" + }, + { + "properties": { + "roleName": "ClearDB MySQL DB Contributor", + "type": "BuiltInRole", + "description": "Lets you manage ClearDB MySQL databases, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "successbricks.cleardb/databases/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:27.1646373Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/9106cda0-8a86-4e81-b686-29a22c54effe", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "9106cda0-8a86-4e81-b686-29a22c54effe" + }, + { + "properties": { + "roleName": "Classic Virtual Machine Contributor", + "type": "BuiltInRole", + "description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they\u2019re connected to.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.ClassicCompute/domainNames/*", + "Microsoft.ClassicCompute/virtualMachines/*", + "Microsoft.ClassicNetwork/networkSecurityGroups/join/action", + "Microsoft.ClassicNetwork/reservedIps/link/action", + "Microsoft.ClassicNetwork/reservedIps/read", + "Microsoft.ClassicNetwork/virtualNetworks/join/action", + "Microsoft.ClassicNetwork/virtualNetworks/read", + "Microsoft.ClassicStorage/storageAccounts/disks/read", + "Microsoft.ClassicStorage/storageAccounts/images/read", + "Microsoft.ClassicStorage/storageAccounts/listKeys/action", + "Microsoft.ClassicStorage/storageAccounts/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-04-25T00:37:56.5416086Z", + "updatedOn": "2021-11-11T20:13:27.3446332Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb" + }, + { + "properties": { + "roleName": "Cognitive Services User", + "type": "BuiltInRole", + "description": "Lets you read and list keys of Cognitive Services.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.CognitiveServices/accounts/listkeys/action", + "Microsoft.Insights/alertRules/read", + "Microsoft.Insights/diagnosticSettings/read", + "Microsoft.Insights/logDefinitions/read", + "Microsoft.Insights/metricdefinitions/read", + "Microsoft.Insights/metrics/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-08-08T23:23:43.7701274Z", + "updatedOn": "2021-11-11T20:13:27.5316443Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a97b65f3-24c7-4388-baec-2e87135dc908" + }, + { + "properties": { + "roleName": "Cognitive Services Data Reader (Preview)", + "type": "BuiltInRole", + "description": "Lets you read Cognitive Services data.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/*/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-02-13T20:02:12.6849986Z", + "updatedOn": "2021-11-11T20:13:27.7138054Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b59867f0-fa02-499b-be73-45a86b5b3e1c" + }, + { + "properties": { + "roleName": "Cognitive Services Contributor", + "type": "BuiltInRole", + "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.CognitiveServices/*", + "Microsoft.Features/features/read", + "Microsoft.Features/providers/features/read", + "Microsoft.Features/providers/features/register/action", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/diagnosticSettings/*", + "Microsoft.Insights/logDefinitions/read", + "Microsoft.Insights/metricdefinitions/read", + "Microsoft.Insights/metrics/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-08-08T23:18:39.2257848Z", + "updatedOn": "2021-11-11T20:13:27.9116230Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68" + }, + { + "properties": { + "roleName": "CosmosBackupOperator", + "type": "BuiltInRole", + "description": "Can submit restore request for a Cosmos DB database or a container for an account", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DocumentDB/databaseAccounts/backup/action", + "Microsoft.DocumentDB/databaseAccounts/restore/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-12-07T19:47:14.9651560Z", + "updatedOn": "2021-11-11T20:13:28.4333692Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb" + }, + { + "properties": { + "roleName": "Contributor", + "type": "BuiltInRole", + "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*" + ], + "notActions": [ + "Microsoft.Authorization/*/Delete", + "Microsoft.Authorization/*/Write", + "Microsoft.Authorization/elevateAccess/Action", + "Microsoft.Blueprint/blueprintAssignments/write", + "Microsoft.Blueprint/blueprintAssignments/delete", + "Microsoft.Compute/galleries/share/action" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:28.6061853Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b24988ac-6180-42a0-ab88-20f7382dd24c" + }, + { + "properties": { + "roleName": "Cosmos DB Account Reader Role", + "type": "BuiltInRole", + "description": "Can read Azure Cosmos DB Accounts data", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.DocumentDB/*/read", + "Microsoft.DocumentDB/databaseAccounts/readonlykeys/action", + "Microsoft.Insights/MetricDefinitions/read", + "Microsoft.Insights/Metrics/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-10-30T17:53:54.6005577Z", + "updatedOn": "2021-11-11T20:13:28.7911765Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8" + }, + { + "properties": { + "roleName": "Cost Management Contributor", + "type": "BuiltInRole", + "description": "Can view costs and manage cost configuration (e.g. budgets, exports)", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Consumption/*", + "Microsoft.CostManagement/*", + "Microsoft.Billing/billingPeriods/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Advisor/configurations/read", + "Microsoft.Advisor/recommendations/read", + "Microsoft.Management/managementGroups/read", + "Microsoft.Billing/billingProperty/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-03-14T16:09:22.8834827Z", + "updatedOn": "2021-11-11T20:13:29.4851851Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "434105ed-43f6-45c7-a02f-909b2ba83430" + }, + { + "properties": { + "roleName": "Cost Management Reader", + "type": "BuiltInRole", + "description": "Can view cost data and configuration (e.g. budgets, exports)", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Consumption/*/read", + "Microsoft.CostManagement/*/read", + "Microsoft.Billing/billingPeriods/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Advisor/configurations/read", + "Microsoft.Advisor/recommendations/read", + "Microsoft.Management/managementGroups/read", + "Microsoft.Billing/billingProperty/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-03-14T16:09:22.8834827Z", + "updatedOn": "2021-11-11T20:13:29.6601800Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "72fafb9e-0641-4937-9268-a91bfd8191a3" + }, + { + "properties": { + "roleName": "Data Box Contributor", + "type": "BuiltInRole", + "description": "Lets you manage everything under Data Box Service except giving access to others.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Databox/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-07-27T08:28:42.7140210Z", + "updatedOn": "2021-11-11T20:13:30.3737856Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "add466c9-e687-43fc-8d98-dfcf8d720be5" + }, + { + "properties": { + "roleName": "Data Box Reader", + "type": "BuiltInRole", + "description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Databox/*/read", + "Microsoft.Databox/jobs/listsecrets/action", + "Microsoft.Databox/jobs/listcredentials/action", + "Microsoft.Databox/locations/availableSkus/action", + "Microsoft.Databox/locations/validateInputs/action", + "Microsoft.Databox/locations/regionConfiguration/action", + "Microsoft.Databox/locations/validateAddress/action", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-07-27T08:26:21.9284772Z", + "updatedOn": "2021-11-11T20:13:30.5546117Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027" + }, + { + "properties": { + "roleName": "Data Factory Contributor", + "type": "BuiltInRole", + "description": "Create and manage data factories, as well as child resources within them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.DataFactory/dataFactories/*", + "Microsoft.DataFactory/factories/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.EventGrid/eventSubscriptions/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:30.7420174Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "673868aa-7521-48a0-acc6-0f60742d39f5" + }, + { + "properties": { + "roleName": "Data Purger", + "type": "BuiltInRole", + "description": "Can purge analytics data", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Insights/components/*/read", + "Microsoft.Insights/components/purge/action", + "Microsoft.OperationalInsights/workspaces/*/read", + "Microsoft.OperationalInsights/workspaces/purge/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-04-30T22:39:49.6167700Z", + "updatedOn": "2021-11-11T20:13:31.2788395Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90" + }, + { + "properties": { + "roleName": "Data Lake Analytics Developer", + "type": "BuiltInRole", + "description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.BigAnalytics/accounts/*", + "Microsoft.DataLakeAnalytics/accounts/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [ + "Microsoft.BigAnalytics/accounts/Delete", + "Microsoft.BigAnalytics/accounts/TakeOwnership/action", + "Microsoft.BigAnalytics/accounts/Write", + "Microsoft.DataLakeAnalytics/accounts/Delete", + "Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action", + "Microsoft.DataLakeAnalytics/accounts/Write", + "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write", + "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete", + "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write", + "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete", + "Microsoft.DataLakeAnalytics/accounts/firewallRules/Write", + "Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete", + "Microsoft.DataLakeAnalytics/accounts/computePolicies/Write", + "Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-10-20T00:33:29.3115234Z", + "updatedOn": "2021-11-11T20:13:31.4688491Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "47b7735b-770e-4598-a7da-8b91488b4c88" + }, + { + "properties": { + "roleName": "DevTest Labs User", + "type": "BuiltInRole", + "description": "Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Compute/availabilitySets/read", + "Microsoft.Compute/virtualMachines/*/read", + "Microsoft.Compute/virtualMachines/deallocate/action", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/restart/action", + "Microsoft.Compute/virtualMachines/start/action", + "Microsoft.DevTestLab/*/read", + "Microsoft.DevTestLab/labs/claimAnyVm/action", + "Microsoft.DevTestLab/labs/createEnvironment/action", + "Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action", + "Microsoft.DevTestLab/labs/formulas/delete", + "Microsoft.DevTestLab/labs/formulas/read", + "Microsoft.DevTestLab/labs/formulas/write", + "Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action", + "Microsoft.DevTestLab/labs/virtualMachines/claim/action", + "Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action", + "Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action", + "Microsoft.Network/loadBalancers/backendAddressPools/join/action", + "Microsoft.Network/loadBalancers/inboundNatRules/join/action", + "Microsoft.Network/networkInterfaces/*/read", + "Microsoft.Network/networkInterfaces/join/action", + "Microsoft.Network/networkInterfaces/read", + "Microsoft.Network/networkInterfaces/write", + "Microsoft.Network/publicIPAddresses/*/read", + "Microsoft.Network/publicIPAddresses/join/action", + "Microsoft.Network/publicIPAddresses/read", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Storage/storageAccounts/listKeys/action" + ], + "notActions": [ + "Microsoft.Compute/virtualMachines/vmSizes/read" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-06-08T21:52:45.0657582Z", + "updatedOn": "2021-11-11T20:13:32.1746507Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "76283e04-6283-4c54-8f91-bcf1374a3c64" + }, + { + "properties": { + "roleName": "DocumentDB Account Contributor", + "type": "BuiltInRole", + "description": "Lets you manage DocumentDB accounts, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.DocumentDb/databaseAccounts/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:32.3496502Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5bd9cd88-fe45-4216-938b-f97437e15450" + }, + { + "properties": { + "roleName": "DNS Zone Contributor", + "type": "BuiltInRole", + "description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Network/dnsZones/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-10-15T23:33:25.9730842Z", + "updatedOn": "2021-11-11T20:13:32.5233957Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "befefa01-2a29-4197-83a8-272ff33ce314" + }, + { + "properties": { + "roleName": "EventGrid EventSubscription Contributor", + "type": "BuiltInRole", + "description": "Lets you manage EventGrid event subscription operations.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.EventGrid/eventSubscriptions/*", + "Microsoft.EventGrid/topicTypes/eventSubscriptions/read", + "Microsoft.EventGrid/locations/eventSubscriptions/read", + "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-10-08T23:27:28.3130743Z", + "updatedOn": "2021-11-11T20:13:33.4166738Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443" + }, + { + "properties": { + "roleName": "EventGrid EventSubscription Reader", + "type": "BuiltInRole", + "description": "Lets you read EventGrid event subscriptions.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.EventGrid/eventSubscriptions/read", + "Microsoft.EventGrid/topicTypes/eventSubscriptions/read", + "Microsoft.EventGrid/locations/eventSubscriptions/read", + "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-10-09T17:29:28.1417894Z", + "updatedOn": "2021-11-11T20:13:33.7846748Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "2414bbcf-6497-4faf-8c65-045460748405" + }, + { + "properties": { + "roleName": "Graph Owner", + "type": "BuiltInRole", + "description": "Create and manage all aspects of the Enterprise Graph - Ontology, Schema mapping, Conflation and Conversational AI and Ingestions", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.EnterpriseKnowledgeGraph/services/conflation/read", + "Microsoft.EnterpriseKnowledgeGraph/services/conflation/write", + "Microsoft.EnterpriseKnowledgeGraph/services/sourceschema/read", + "Microsoft.EnterpriseKnowledgeGraph/services/sourceschema/write", + "Microsoft.EnterpriseKnowledgeGraph/services/knowledge/read", + "Microsoft.EnterpriseKnowledgeGraph/services/knowledge/write", + "Microsoft.EnterpriseKnowledgeGraph/services/intentclassification/read", + "Microsoft.EnterpriseKnowledgeGraph/services/intentclassification/write", + "Microsoft.EnterpriseKnowledgeGraph/services/ingestion/read", + "Microsoft.EnterpriseKnowledgeGraph/services/ingestion/write", + "Microsoft.EnterpriseKnowledgeGraph/services/ontology/read", + "Microsoft.EnterpriseKnowledgeGraph/services/ontology/write", + "Microsoft.EnterpriseKnowledgeGraph/services/delete", + "Microsoft.EnterpriseKnowledgeGraph/operations/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-02-23T21:07:22.5844236Z", + "updatedOn": "2021-11-11T20:13:34.6707886Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b60367af-1334-4454-b71e-769d9a4f83d9", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b60367af-1334-4454-b71e-769d9a4f83d9" + }, + { + "properties": { + "roleName": "HDInsight Domain Services Contributor", + "type": "BuiltInRole", + "description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.AAD/*/read", + "Microsoft.AAD/domainServices/*/read", + "Microsoft.AAD/domainServices/oucontainer/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-09-12T22:42:51.7451109Z", + "updatedOn": "2021-11-11T20:13:35.3921342Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8d8d5a11-05d3-4bda-a417-a08778121c7c" + }, + { + "properties": { + "roleName": "Intelligent Systems Account Contributor", + "type": "BuiltInRole", + "description": "Lets you manage Intelligent Systems accounts, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.IntelligentSystems/accounts/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:35.9371582Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "03a6d094-3444-4b3d-88af-7477090a9e5e" + }, + { + "properties": { + "roleName": "Key Vault Contributor", + "type": "BuiltInRole", + "description": "Lets you manage key vaults, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.KeyVault/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [ + "Microsoft.KeyVault/locations/deletedVaults/purge/action", + "Microsoft.KeyVault/hsmPools/*", + "Microsoft.KeyVault/managedHsms/*" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-02-25T17:08:28.5184971Z", + "updatedOn": "2021-11-11T20:13:36.1170988Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f25e0fa2-a7c8-4377-a976-54943a77a395" + }, + { + "properties": { + "roleName": "Knowledge Consumer", + "type": "BuiltInRole", + "description": "Knowledge Read permission to consume Enterprise Graph Knowledge using entity search and graph query", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.EnterpriseKnowledgeGraph/services/knowledge/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-02-23T21:23:31.4037552Z", + "updatedOn": "2021-11-11T20:13:37.0021342Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ee361c5d-f7b5-4119-b4b6-892157c8f64c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ee361c5d-f7b5-4119-b4b6-892157c8f64c" + }, + { + "properties": { + "roleName": "Lab Creator", + "type": "BuiltInRole", + "description": "Lets you create new labs under your Azure Lab Accounts.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.LabServices/labAccounts/*/read", + "Microsoft.LabServices/labAccounts/createLab/action", + "Microsoft.LabServices/labAccounts/getPricingAndAvailability/action", + "Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action", + "Microsoft.Insights/alertRules/*", + "Microsoft.LabServices/labPlans/images/read", + "Microsoft.LabServices/labPlans/read", + "Microsoft.LabServices/labPlans/saveImage/action", + "Microsoft.LabServices/labs/read", + "Microsoft.LabServices/labs/schedules/read", + "Microsoft.LabServices/labs/users/read", + "Microsoft.LabServices/labs/virtualMachines/read", + "Microsoft.LabServices/locations/usages/read", + "Microsoft.LabServices/skus/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.LabServices/labPlans/createLab/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-01-18T23:38:58.1036141Z", + "updatedOn": "2021-11-11T20:13:37.1821588Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead" + }, + { + "properties": { + "roleName": "Log Analytics Reader", + "type": "BuiltInRole", + "description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*/read", + "Microsoft.OperationalInsights/workspaces/analytics/query/action", + "Microsoft.OperationalInsights/workspaces/search/action", + "Microsoft.Support/*" + ], + "notActions": [ + "Microsoft.OperationalInsights/workspaces/sharedKeys/read" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-05-02T00:20:28.1449012Z", + "updatedOn": "2021-11-11T20:13:37.7071371Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "73c42c96-874c-492b-b04d-ab87d138a893" + }, + { + "properties": { + "roleName": "Log Analytics Contributor", + "type": "BuiltInRole", + "description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*/read", + "Microsoft.ClassicCompute/virtualMachines/extensions/*", + "Microsoft.ClassicStorage/storageAccounts/listKeys/action", + "Microsoft.Compute/virtualMachines/extensions/*", + "Microsoft.HybridCompute/machines/extensions/write", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/diagnosticSettings/*", + "Microsoft.OperationalInsights/*", + "Microsoft.OperationsManagement/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/*", + "Microsoft.Storage/storageAccounts/listKeys/action", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-04-25T21:51:45.3174711Z", + "updatedOn": "2021-11-11T20:13:37.8823618Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293" + }, + { + "properties": { + "roleName": "Logic App Operator", + "type": "BuiltInRole", + "description": "Lets you read, enable and disable logic app.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*/read", + "Microsoft.Insights/metricAlerts/*/read", + "Microsoft.Insights/diagnosticSettings/*/read", + "Microsoft.Insights/metricDefinitions/*/read", + "Microsoft.Logic/*/read", + "Microsoft.Logic/workflows/disable/action", + "Microsoft.Logic/workflows/enable/action", + "Microsoft.Logic/workflows/validate/action", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Web/connectionGateways/*/read", + "Microsoft.Web/connections/*/read", + "Microsoft.Web/customApis/*/read", + "Microsoft.Web/serverFarms/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-04-28T21:33:30.4656007Z", + "updatedOn": "2021-11-11T20:13:38.0573444Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe" + }, + { + "properties": { + "roleName": "Logic App Contributor", + "type": "BuiltInRole", + "description": "Lets you manage logic app, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.ClassicStorage/storageAccounts/listKeys/action", + "Microsoft.ClassicStorage/storageAccounts/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/metricAlerts/*", + "Microsoft.Insights/diagnosticSettings/*", + "Microsoft.Insights/logdefinitions/*", + "Microsoft.Insights/metricDefinitions/*", + "Microsoft.Logic/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Storage/storageAccounts/listkeys/action", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.Support/*", + "Microsoft.Web/connectionGateways/*", + "Microsoft.Web/connections/*", + "Microsoft.Web/customApis/*", + "Microsoft.Web/serverFarms/join/action", + "Microsoft.Web/serverFarms/read", + "Microsoft.Web/sites/functions/listSecrets/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-04-28T21:33:30.4656007Z", + "updatedOn": "2021-11-11T20:13:38.2523833Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "87a39d53-fc1b-424a-814c-f7e04687dc9e" + }, + { + "properties": { + "roleName": "Managed Application Operator Role", + "type": "BuiltInRole", + "description": "Lets you read and perform actions on Managed Application resources", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*/read", + "Microsoft.Solutions/applications/read", + "Microsoft.Solutions/*/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-07-27T00:59:33.7988813Z", + "updatedOn": "2021-11-11T20:13:38.5973763Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c7393b34-138c-406f-901b-d8cf2b17e6ae" + }, + { + "properties": { + "roleName": "Managed Applications Reader", + "type": "BuiltInRole", + "description": "Lets you read resources in a managed app and request JIT access.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Solutions/jitRequests/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-09-06T00:33:58.3651522Z", + "updatedOn": "2021-11-11T20:13:38.7723523Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b9331d33-8a36-4f8c-b097-4f54124fdb44" + }, + { + "properties": { + "roleName": "Managed Identity Operator", + "type": "BuiltInRole", + "description": "Read and Assign User Assigned Identity", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ManagedIdentity/userAssignedIdentities/*/read", + "Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-12-14T19:52:04.3924594Z", + "updatedOn": "2021-11-11T20:13:38.9523759Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f1a07417-d97a-45cb-824c-7a7467783830" + }, + { + "properties": { + "roleName": "Managed Identity Contributor", + "type": "BuiltInRole", + "description": "Create, Read, Update, and Delete User Assigned Identity", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ManagedIdentity/userAssignedIdentities/read", + "Microsoft.ManagedIdentity/userAssignedIdentities/write", + "Microsoft.ManagedIdentity/userAssignedIdentities/delete", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-12-14T19:53:42.8804692Z", + "updatedOn": "2021-11-11T20:13:39.3023761Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59" + }, + { + "properties": { + "roleName": "Management Group Contributor", + "type": "BuiltInRole", + "description": "Management Group Contributor Role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Management/managementGroups/delete", + "Microsoft.Management/managementGroups/read", + "Microsoft.Management/managementGroups/subscriptions/delete", + "Microsoft.Management/managementGroups/subscriptions/write", + "Microsoft.Management/managementGroups/write", + "Microsoft.Management/managementGroups/subscriptions/read", + "Microsoft.Authorization/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-06-22T00:28:29.0523964Z", + "updatedOn": "2022-09-19T17:12:03.7729883Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c" + }, + { + "properties": { + "roleName": "Management Group Reader", + "type": "BuiltInRole", + "description": "Management Group Reader Role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Management/managementGroups/read", + "Microsoft.Management/managementGroups/subscriptions/read", + "Microsoft.Authorization/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-06-22T00:31:03.4295347Z", + "updatedOn": "2022-09-19T17:12:03.7729883Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ac63b705-f282-497d-ac71-919bf39d939d" + }, + { + "properties": { + "roleName": "Monitoring Reader", + "type": "BuiltInRole", + "description": "Can read all monitoring data.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*/read", + "Microsoft.OperationalInsights/workspaces/search/action", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-09-21T19:19:52.4939376Z", + "updatedOn": "2022-09-06T19:22:59.9084089Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "43d0d8ad-25c7-4714-9337-8ba259a9fe05" + }, + { + "properties": { + "roleName": "Network Contributor", + "type": "BuiltInRole", + "description": "Lets you manage networks, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Network/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-06-02T00:18:27.3542698Z", + "updatedOn": "2021-11-11T20:13:44.6328966Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4d97b98b-1d4f-4787-a291-c67834d212e7" + }, + { + "properties": { + "roleName": "New Relic APM Account Contributor", + "type": "BuiltInRole", + "description": "Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "NewRelic.APM/accounts/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:45.7178576Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5d28c62d-5b37-4476-8438-e587778df237" + }, + { + "properties": { + "roleName": "Owner", + "type": "BuiltInRole", + "description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:45.8978856Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" + }, + { + "properties": { + "roleName": "Reader", + "type": "BuiltInRole", + "description": "View all resources, but does not allow you to make any changes.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:47.8628684Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "acdd72a7-3385-48ef-bd42-f606fba81ae7" + }, + { + "properties": { + "roleName": "Redis Cache Contributor", + "type": "BuiltInRole", + "description": "Lets you manage Redis caches, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Cache/register/action", + "Microsoft.Cache/redis/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:48.0528671Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e0f68234-74aa-48ed-b826-c38b57376e17" + }, + { + "properties": { + "roleName": "Reader and Data Access", + "type": "BuiltInRole", + "description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/listKeys/action", + "Microsoft.Storage/storageAccounts/ListAccountSas/action", + "Microsoft.Storage/storageAccounts/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-03-27T23:20:46.1498906Z", + "updatedOn": "2021-11-11T20:13:48.2278951Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c12c1c16-33a1-487b-954d-41c89c60f349" + }, + { + "properties": { + "roleName": "Resource Policy Contributor", + "type": "BuiltInRole", + "description": "Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*/read", + "Microsoft.Authorization/policyassignments/*", + "Microsoft.Authorization/policydefinitions/*", + "Microsoft.Authorization/policyexemptions/*", + "Microsoft.Authorization/policysetdefinitions/*", + "Microsoft.PolicyInsights/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-08-25T19:08:01.3861639Z", + "updatedOn": "2021-11-11T20:13:49.6679217Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "36243c78-bf99-498c-9df9-86d9f8d28608" + }, + { + "properties": { + "roleName": "Scheduler Job Collections Contributor", + "type": "BuiltInRole", + "description": "Lets you manage Scheduler job collections, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Scheduler/jobcollections/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:49.8429293Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/188a0f2f-5c9e-469b-ae67-2aa5ce574b94", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "188a0f2f-5c9e-469b-ae67-2aa5ce574b94" + }, + { + "properties": { + "roleName": "Search Service Contributor", + "type": "BuiltInRole", + "description": "Lets you manage Search services, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Search/searchServices/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:50.0229309Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0" + }, + { + "properties": { + "roleName": "Security Manager (Legacy)", + "type": "BuiltInRole", + "description": "This is a legacy role. Please use Security Administrator instead", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.ClassicCompute/*/read", + "Microsoft.ClassicCompute/virtualMachines/*/write", + "Microsoft.ClassicNetwork/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Security/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-06-22T17:45:15.8986455Z", + "updatedOn": "2021-11-11T20:13:50.5729549Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e3d13bf0-dd5a-482e-ba6b-9b8433878d10", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e3d13bf0-dd5a-482e-ba6b-9b8433878d10" + }, + { + "properties": { + "roleName": "Security Reader", + "type": "BuiltInRole", + "description": "Security Reader Role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/read", + "Microsoft.operationalInsights/workspaces/*/read", + "Microsoft.Resources/deployments/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Security/*/read", + "Microsoft.IoTSecurity/*/read", + "Microsoft.Support/*/read", + "Microsoft.Security/iotDefenderSettings/packageDownloads/action", + "Microsoft.Security/iotDefenderSettings/downloadManagerActivation/action", + "Microsoft.Security/iotSensors/downloadResetPassword/action", + "Microsoft.IoTSecurity/defenderSettings/packageDownloads/action", + "Microsoft.IoTSecurity/defenderSettings/downloadManagerActivation/action", + "Microsoft.Management/managementGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-05-03T07:48:49.0516559Z", + "updatedOn": "2021-11-11T20:13:50.7479015Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/39bc4728-0917-49c7-9d2c-d95423bc2eb4", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "39bc4728-0917-49c7-9d2c-d95423bc2eb4" + }, + { + "properties": { + "roleName": "Spatial Anchors Account Contributor", + "type": "BuiltInRole", + "description": "Lets you manage spatial anchors in your account, but not delete them", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.MixedReality/SpatialAnchorsAccounts/create/action", + "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read", + "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read", + "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read", + "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read", + "Microsoft.MixedReality/SpatialAnchorsAccounts/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-12-21T17:57:41.1420864Z", + "updatedOn": "2021-11-11T20:13:52.2829400Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827" + }, + { + "properties": { + "roleName": "Site Recovery Contributor", + "type": "BuiltInRole", + "description": "Lets you manage Site Recovery service except vault creation and role assignment", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.RecoveryServices/locations/allocatedStamp/read", + "Microsoft.RecoveryServices/locations/allocateStamp/action", + "Microsoft.RecoveryServices/Vaults/certificates/write", + "Microsoft.RecoveryServices/Vaults/extendedInformation/*", + "Microsoft.RecoveryServices/Vaults/read", + "Microsoft.RecoveryServices/Vaults/refreshContainers/read", + "Microsoft.RecoveryServices/Vaults/registeredIdentities/*", + "Microsoft.RecoveryServices/vaults/replicationAlertSettings/*", + "Microsoft.RecoveryServices/vaults/replicationEvents/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/*", + "Microsoft.RecoveryServices/vaults/replicationJobs/*", + "Microsoft.RecoveryServices/vaults/replicationPolicies/*", + "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*", + "Microsoft.RecoveryServices/vaults/replicationVaultSettings/*", + "Microsoft.RecoveryServices/Vaults/storageConfig/*", + "Microsoft.RecoveryServices/Vaults/tokenInfo/read", + "Microsoft.RecoveryServices/Vaults/usages/read", + "Microsoft.RecoveryServices/Vaults/vaultTokens/read", + "Microsoft.RecoveryServices/Vaults/monitoringAlerts/*", + "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.RecoveryServices/vaults/replicationOperationStatus/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-05-19T13:46:17.4592776Z", + "updatedOn": "2021-11-11T20:13:52.4579503Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "6670b86e-a3f7-4917-ac9b-5d6ab1be4567" + }, + { + "properties": { + "roleName": "Site Recovery Operator", + "type": "BuiltInRole", + "description": "Lets you failover and failback but not perform other Site Recovery management operations", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.RecoveryServices/locations/allocatedStamp/read", + "Microsoft.RecoveryServices/locations/allocateStamp/action", + "Microsoft.RecoveryServices/Vaults/extendedInformation/read", + "Microsoft.RecoveryServices/Vaults/read", + "Microsoft.RecoveryServices/Vaults/refreshContainers/read", + "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read", + "Microsoft.RecoveryServices/Vaults/registeredIdentities/read", + "Microsoft.RecoveryServices/vaults/replicationAlertSettings/read", + "Microsoft.RecoveryServices/vaults/replicationEvents/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read", + "Microsoft.RecoveryServices/vaults/replicationJobs/*", + "Microsoft.RecoveryServices/vaults/replicationPolicies/read", + "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action", + "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action", + "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read", + "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action", + "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action", + "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action", + "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action", + "Microsoft.RecoveryServices/vaults/replicationVaultSettings/read", + "Microsoft.RecoveryServices/Vaults/monitoringAlerts/*", + "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read", + "Microsoft.RecoveryServices/Vaults/storageConfig/read", + "Microsoft.RecoveryServices/Vaults/tokenInfo/read", + "Microsoft.RecoveryServices/Vaults/usages/read", + "Microsoft.RecoveryServices/Vaults/vaultTokens/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-05-19T13:47:50.1341148Z", + "updatedOn": "2021-11-11T20:13:52.6263418Z", + "createdBy": null, + "updatedBy": "" + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "494ae006-db33-4328-bf46-533a6560a3ca" + }, + { + "properties": { + "roleName": "Spatial Anchors Account Reader", + "type": "BuiltInRole", + "description": "Lets you locate and read properties of spatial anchors in your account", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read", + "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read", + "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read", + "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-12-21T17:57:42.9271004Z", + "updatedOn": "2021-11-11T20:13:52.8013467Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5d51204f-eb77-4b1c-b86a-2ec626c49413" + }, + { + "properties": { + "roleName": "Site Recovery Reader", + "type": "BuiltInRole", + "description": "Lets you view Site Recovery status but not perform other management operations", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.RecoveryServices/locations/allocatedStamp/read", + "Microsoft.RecoveryServices/Vaults/extendedInformation/read", + "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read", + "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read", + "Microsoft.RecoveryServices/Vaults/read", + "Microsoft.RecoveryServices/Vaults/refreshContainers/read", + "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read", + "Microsoft.RecoveryServices/Vaults/registeredIdentities/read", + "Microsoft.RecoveryServices/vaults/replicationAlertSettings/read", + "Microsoft.RecoveryServices/vaults/replicationEvents/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read", + "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read", + "Microsoft.RecoveryServices/vaults/replicationJobs/read", + "Microsoft.RecoveryServices/vaults/replicationPolicies/read", + "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read", + "Microsoft.RecoveryServices/vaults/replicationVaultSettings/read", + "Microsoft.RecoveryServices/Vaults/storageConfig/read", + "Microsoft.RecoveryServices/Vaults/tokenInfo/read", + "Microsoft.RecoveryServices/Vaults/usages/read", + "Microsoft.RecoveryServices/Vaults/vaultTokens/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-05-19T13:35:40.0093634Z", + "updatedOn": "2021-11-11T20:13:52.9763366Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/dbaa88c4-0c30-4179-9fb3-46319faa6149", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "dbaa88c4-0c30-4179-9fb3-46319faa6149" + }, + { + "properties": { + "roleName": "Spatial Anchors Account Owner", + "type": "BuiltInRole", + "description": "Lets you manage spatial anchors in your account, including deleting them", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.MixedReality/SpatialAnchorsAccounts/create/action", + "Microsoft.MixedReality/SpatialAnchorsAccounts/delete", + "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read", + "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read", + "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read", + "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read", + "Microsoft.MixedReality/SpatialAnchorsAccounts/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-12-21T17:57:43.5489832Z", + "updatedOn": "2021-11-11T20:13:53.1663250Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "70bbe301-9835-447d-afdd-19eb3167307c" + }, + { + "properties": { + "roleName": "SQL Managed Instance Contributor", + "type": "BuiltInRole", + "description": "Lets you manage SQL Managed Instances and required network configuration, but can\u2019t give access to others.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Network/networkSecurityGroups/*", + "Microsoft.Network/routeTables/*", + "Microsoft.Sql/locations/*/read", + "Microsoft.Sql/locations/instanceFailoverGroups/*", + "Microsoft.Sql/managedInstances/*", + "Microsoft.Support/*", + "Microsoft.Network/virtualNetworks/subnets/*", + "Microsoft.Network/virtualNetworks/*", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/metrics/read", + "Microsoft.Insights/metricDefinitions/read" + ], + "notActions": [ + "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/delete", + "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/write" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2018-12-10T22:57:14.2937983Z", + "updatedOn": "2021-11-11T20:13:53.3513507Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d" + }, + { + "properties": { + "roleName": "SQL DB Contributor", + "type": "BuiltInRole", + "description": "Lets you manage SQL databases, but not access to them. Also, you can\u0027t manage their security-related policies or their parent SQL servers.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Sql/locations/*/read", + "Microsoft.Sql/servers/databases/*", + "Microsoft.Sql/servers/read", + "Microsoft.Support/*", + "Microsoft.Insights/metrics/read", + "Microsoft.Insights/metricDefinitions/read" + ], + "notActions": [ + "Microsoft.Sql/servers/databases/ledgerDigestUploads/write", + "Microsoft.Sql/servers/databases/ledgerDigestUploads/disable/action", + "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*", + "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*", + "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*", + "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*", + "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*", + "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*", + "Microsoft.Sql/managedInstances/securityAlertPolicies/*", + "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*", + "Microsoft.Sql/servers/databases/auditingSettings/*", + "Microsoft.Sql/servers/databases/auditRecords/read", + "Microsoft.Sql/servers/databases/currentSensitivityLabels/*", + "Microsoft.Sql/servers/databases/dataMaskingPolicies/*", + "Microsoft.Sql/servers/databases/extendedAuditingSettings/*", + "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*", + "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*", + "Microsoft.Sql/servers/databases/securityAlertPolicies/*", + "Microsoft.Sql/servers/databases/securityMetrics/*", + "Microsoft.Sql/servers/databases/sensitivityLabels/*", + "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*", + "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*", + "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*", + "Microsoft.Sql/servers/vulnerabilityAssessments/*" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:53.5363219Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec" + }, + { + "properties": { + "roleName": "SQL Security Manager", + "type": "BuiltInRole", + "description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Sql/locations/administratorAzureAsyncOperation/read", + "Microsoft.Sql/managedInstances/advancedThreatProtectionSettings/read", + "Microsoft.Sql/managedInstances/advancedThreatProtectionSettings/write", + "Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings/read", + "Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings/write", + "Microsoft.Sql/managedInstances/advancedThreatProtectionSettings/read", + "Microsoft.Sql/managedInstances/advancedThreatProtectionSettings/write", + "Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings/read", + "Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings/write", + "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*", + "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*", + "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*", + "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*", + "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*", + "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*", + "Microsoft.Sql/servers/advancedThreatProtectionSettings/read", + "Microsoft.Sql/servers/advancedThreatProtectionSettings/write", + "Microsoft.Sql/managedInstances/securityAlertPolicies/*", + "Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*", + "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*", + "Microsoft.Sql/managedInstances/serverConfigurationOptions/read", + "Microsoft.Sql/managedInstances/serverConfigurationOptions/write", + "Microsoft.Sql/locations/serverConfigurationOptionAzureAsyncOperation/read", + "Microsoft.Sql/servers/advancedThreatProtectionSettings/read", + "Microsoft.Sql/servers/advancedThreatProtectionSettings/write", + "Microsoft.Sql/servers/auditingSettings/*", + "Microsoft.Sql/servers/extendedAuditingSettings/read", + "Microsoft.Sql/servers/databases/advancedThreatProtectionSettings/read", + "Microsoft.Sql/servers/databases/advancedThreatProtectionSettings/write", + "Microsoft.Sql/servers/databases/advancedThreatProtectionSettings/read", + "Microsoft.Sql/servers/databases/advancedThreatProtectionSettings/write", + "Microsoft.Sql/servers/databases/auditingSettings/*", + "Microsoft.Sql/servers/databases/auditRecords/read", + "Microsoft.Sql/servers/databases/currentSensitivityLabels/*", + "Microsoft.Sql/servers/databases/dataMaskingPolicies/*", + "Microsoft.Sql/servers/databases/extendedAuditingSettings/read", + "Microsoft.Sql/servers/databases/read", + "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*", + "Microsoft.Sql/servers/databases/schemas/read", + "Microsoft.Sql/servers/databases/schemas/tables/columns/read", + "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*", + "Microsoft.Sql/servers/databases/schemas/tables/read", + "Microsoft.Sql/servers/databases/securityAlertPolicies/*", + "Microsoft.Sql/servers/databases/securityMetrics/*", + "Microsoft.Sql/servers/databases/sensitivityLabels/*", + "Microsoft.Sql/servers/databases/transparentDataEncryption/*", + "Microsoft.Sql/servers/databases/sqlvulnerabilityAssessments/*", + "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*", + "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*", + "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*", + "Microsoft.Sql/servers/devOpsAuditingSettings/*", + "Microsoft.Sql/servers/firewallRules/*", + "Microsoft.Sql/servers/read", + "Microsoft.Sql/servers/securityAlertPolicies/*", + "Microsoft.Sql/servers/sqlvulnerabilityAssessments/*", + "Microsoft.Sql/servers/vulnerabilityAssessments/*", + "Microsoft.Support/*", + "Microsoft.Sql/servers/azureADOnlyAuthentications/*", + "Microsoft.Sql/managedInstances/read", + "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*", + "Microsoft.Security/sqlVulnerabilityAssessments/*", + "Microsoft.Sql/managedInstances/administrators/read", + "Microsoft.Sql/servers/administrators/read", + "Microsoft.Sql/servers/databases/ledgerDigestUploads/*", + "Microsoft.Sql/locations/ledgerDigestUploadsAzureAsyncOperation/read", + "Microsoft.Sql/locations/ledgerDigestUploadsOperationResults/read", + "Microsoft.Sql/servers/externalPolicyBasedAuthorizations/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-06-16T18:44:40.4607572Z", + "updatedOn": "2023-03-03T16:46:08.5009876Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3" + }, + { + "properties": { + "roleName": "Storage Account Contributor", + "type": "BuiltInRole", + "description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/diagnosticSettings/*", + "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Storage/storageAccounts/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-06-02T00:18:27.3542698Z", + "updatedOn": "2021-11-11T20:13:54.2363539Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "17d1049b-9a84-46fb-8f53-869881c3d3ab" + }, + { + "properties": { + "roleName": "SQL Server Contributor", + "type": "BuiltInRole", + "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Sql/locations/*/read", + "Microsoft.Sql/servers/*", + "Microsoft.Support/*", + "Microsoft.Insights/metrics/read", + "Microsoft.Insights/metricDefinitions/read" + ], + "notActions": [ + "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*", + "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*", + "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*", + "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*", + "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*", + "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*", + "Microsoft.Sql/managedInstances/securityAlertPolicies/*", + "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*", + "Microsoft.Sql/servers/auditingSettings/*", + "Microsoft.Sql/servers/databases/auditingSettings/*", + "Microsoft.Sql/servers/databases/auditRecords/read", + "Microsoft.Sql/servers/databases/currentSensitivityLabels/*", + "Microsoft.Sql/servers/databases/dataMaskingPolicies/*", + "Microsoft.Sql/servers/databases/extendedAuditingSettings/*", + "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*", + "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*", + "Microsoft.Sql/servers/databases/securityAlertPolicies/*", + "Microsoft.Sql/servers/databases/securityMetrics/*", + "Microsoft.Sql/servers/databases/sensitivityLabels/*", + "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*", + "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*", + "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*", + "Microsoft.Sql/servers/devOpsAuditingSettings/*", + "Microsoft.Sql/servers/extendedAuditingSettings/*", + "Microsoft.Sql/servers/securityAlertPolicies/*", + "Microsoft.Sql/servers/vulnerabilityAssessments/*", + "Microsoft.Sql/servers/azureADOnlyAuthentications/delete", + "Microsoft.Sql/servers/azureADOnlyAuthentications/write", + "Microsoft.Sql/servers/externalPolicyBasedAuthorizations/delete", + "Microsoft.Sql/servers/externalPolicyBasedAuthorizations/write" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2022-04-29T01:12:26.9132276Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437" + }, + { + "properties": { + "roleName": "Storage Account Key Operator Service Role", + "type": "BuiltInRole", + "description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/listkeys/action", + "Microsoft.Storage/storageAccounts/regeneratekey/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-04-13T18:26:11.5770570Z", + "updatedOn": "2021-11-11T20:13:54.7697481Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "81a9662b-bebf-436f-a333-f67b29880f12" + }, + { + "properties": { + "roleName": "Storage Blob Data Contributor", + "type": "BuiltInRole", + "description": "Allows for read, write and delete access to Azure Storage blob containers and data", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/delete", + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/write", + "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2017-12-21T00:01:24.7972312Z", + "updatedOn": "2021-11-11T20:13:54.9397456Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe" + }, + { + "properties": { + "roleName": "Storage Blob Data Owner", + "type": "BuiltInRole", + "description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/*", + "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-12-04T07:02:58.2775257Z", + "updatedOn": "2021-11-11T20:13:55.1225062Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b" + }, + { + "properties": { + "roleName": "Storage Blob Data Reader", + "type": "BuiltInRole", + "description": "Allows for read access to Azure Storage blob containers and data", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2017-12-21T00:01:24.7972312Z", + "updatedOn": "2021-11-11T20:13:55.2975076Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1" + }, + { + "properties": { + "roleName": "Storage Queue Data Contributor", + "type": "BuiltInRole", + "description": "Allows for read, write, and delete access to Azure Storage queues and queue messages", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/queueServices/queues/delete", + "Microsoft.Storage/storageAccounts/queueServices/queues/read", + "Microsoft.Storage/storageAccounts/queueServices/queues/write" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete", + "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read", + "Microsoft.Storage/storageAccounts/queueServices/queues/messages/write", + "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2017-12-21T00:01:24.7972312Z", + "updatedOn": "2021-11-11T20:13:55.4725469Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88" + }, + { + "properties": { + "roleName": "Storage Queue Data Message Processor", + "type": "BuiltInRole", + "description": "Allows for peek, receive, and delete access to Azure Storage queue messages", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read", + "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-01-28T22:27:04.8947111Z", + "updatedOn": "2021-11-11T20:13:55.6575408Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8a0f0c08-91a1-4084-bc3d-661d67233fed" + }, + { + "properties": { + "roleName": "Storage Queue Data Message Sender", + "type": "BuiltInRole", + "description": "Allows for sending of Azure Storage queue messages", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-01-28T22:28:34.7459724Z", + "updatedOn": "2021-11-11T20:13:55.8325508Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a" + }, + { + "properties": { + "roleName": "Storage Queue Data Reader", + "type": "BuiltInRole", + "description": "Allows for read access to Azure Storage queues and queue messages", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/queueServices/queues/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2017-12-21T00:01:24.7972312Z", + "updatedOn": "2021-11-11T20:13:56.0178497Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "19e7f393-937e-4f77-808e-94535e297925" + }, + { + "properties": { + "roleName": "Support Request Contributor", + "type": "BuiltInRole", + "description": "Lets you create and manage Support requests", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-06-22T22:25:37.8053068Z", + "updatedOn": "2021-11-11T20:13:56.7444481Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e" + }, + { + "properties": { + "roleName": "Traffic Manager Contributor", + "type": "BuiltInRole", + "description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Network/trafficManagerProfiles/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-10-15T23:33:25.9730842Z", + "updatedOn": "2021-11-11T20:13:57.2744497Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7" + }, + { + "properties": { + "roleName": "User Access Administrator", + "type": "BuiltInRole", + "description": "Lets you manage user access to Azure resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*/read", + "Microsoft.Authorization/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2021-11-11T20:13:57.7932023Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9" + }, + { + "properties": { + "roleName": "Virtual Machine Contributor", + "type": "BuiltInRole", + "description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they\u0027re connected to.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Compute/availabilitySets/*", + "Microsoft.Compute/locations/*", + "Microsoft.Compute/virtualMachines/*", + "Microsoft.Compute/virtualMachineScaleSets/*", + "Microsoft.Compute/cloudServices/*", + "Microsoft.Compute/disks/write", + "Microsoft.Compute/disks/read", + "Microsoft.Compute/disks/delete", + "Microsoft.DevTestLab/schedules/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Network/applicationGateways/backendAddressPools/join/action", + "Microsoft.Network/loadBalancers/backendAddressPools/join/action", + "Microsoft.Network/loadBalancers/inboundNatPools/join/action", + "Microsoft.Network/loadBalancers/inboundNatRules/join/action", + "Microsoft.Network/loadBalancers/probes/join/action", + "Microsoft.Network/loadBalancers/read", + "Microsoft.Network/locations/*", + "Microsoft.Network/networkInterfaces/*", + "Microsoft.Network/networkSecurityGroups/join/action", + "Microsoft.Network/networkSecurityGroups/read", + "Microsoft.Network/publicIPAddresses/join/action", + "Microsoft.Network/publicIPAddresses/read", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.RecoveryServices/locations/*", + "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write", + "Microsoft.RecoveryServices/Vaults/backupPolicies/read", + "Microsoft.RecoveryServices/Vaults/backupPolicies/write", + "Microsoft.RecoveryServices/Vaults/read", + "Microsoft.RecoveryServices/Vaults/usages/read", + "Microsoft.RecoveryServices/Vaults/write", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.SerialConsole/serialPorts/connect/action", + "Microsoft.SqlVirtualMachine/*", + "Microsoft.Storage/storageAccounts/listKeys/action", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-06-02T00:18:27.3542698Z", + "updatedOn": "2021-11-11T20:13:58.3176075Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c" + }, + { + "properties": { + "roleName": "Web Plan Contributor", + "type": "BuiltInRole", + "description": "Lets you manage the web plans for websites, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Web/serverFarms/*", + "Microsoft.Web/hostingEnvironments/Join/Action", + "Microsoft.Insights/autoscalesettings/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-02-02T21:55:09.8806423Z", + "updatedOn": "2022-09-05T17:12:49.4643439Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b" + }, + { + "properties": { + "roleName": "Website Contributor", + "type": "BuiltInRole", + "description": "Lets you manage websites (not web plans), but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/components/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Web/certificates/*", + "Microsoft.Web/listSitesAssignedToHostName/read", + "Microsoft.Web/serverFarms/join/action", + "Microsoft.Web/serverFarms/read", + "Microsoft.Web/sites/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2015-05-12T23:10:23.6193952Z", + "updatedOn": "2021-11-11T20:13:58.6655647Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "de139f84-1756-47ae-9be6-808fbbe84772" + }, + { + "properties": { + "roleName": "Azure Service Bus Data Owner", + "type": "BuiltInRole", + "description": "Allows for full access to Azure Service Bus resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ServiceBus/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ServiceBus/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-04-16T21:33:36.7445745Z", + "updatedOn": "2021-11-11T20:13:59.2005807Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "090c5cfd-751d-490a-894a-3ce6f1109419" + }, + { + "properties": { + "roleName": "Azure Event Hubs Data Owner", + "type": "BuiltInRole", + "description": "Allows for full access to Azure Event Hubs resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.EventHub/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.EventHub/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-04-16T21:34:29.8656362Z", + "updatedOn": "2021-11-11T20:13:59.3721538Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f526a384-b230-433a-b45c-95f59c4a2dec" + }, + { + "properties": { + "roleName": "Attestation Contributor", + "type": "BuiltInRole", + "description": "Can read write or delete the attestation provider instance", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Attestation/attestationProviders/attestation/read", + "Microsoft.Attestation/attestationProviders/attestation/write", + "Microsoft.Attestation/attestationProviders/attestation/delete" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-04-19T00:24:09.3354177Z", + "updatedOn": "2021-11-11T20:13:59.7271218Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/bbf86eb8-f7b4-4cce-96e4-18cddf81d86e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "bbf86eb8-f7b4-4cce-96e4-18cddf81d86e" + }, + { + "properties": { + "roleName": "HDInsight Cluster Operator", + "type": "BuiltInRole", + "description": "Lets you read and modify HDInsight cluster configurations.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.HDInsight/*/read", + "Microsoft.HDInsight/clusters/getGatewaySettings/action", + "Microsoft.HDInsight/clusters/updateGatewaySettings/action", + "Microsoft.HDInsight/clusters/configurations/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Authorization/*/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-04-20T00:03:01.7110732Z", + "updatedOn": "2021-11-11T20:13:59.9052180Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "61ed4efc-fab3-44fd-b111-e24485cc132a" + }, + { + "properties": { + "roleName": "Cosmos DB Operator", + "type": "BuiltInRole", + "description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DocumentDb/databaseAccounts/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Authorization/*/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action" + ], + "notActions": [ + "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*", + "Microsoft.DocumentDB/databaseAccounts/regenerateKey/*", + "Microsoft.DocumentDB/databaseAccounts/listKeys/*", + "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*", + "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write", + "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete", + "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write", + "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete", + "Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/write", + "Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/delete", + "Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/write", + "Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/delete" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-04-26T17:01:17.0169383Z", + "updatedOn": "2023-01-13T21:16:13.9232439Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "230815da-be43-4aae-9cb4-875f7bd000aa" + }, + { + "properties": { + "roleName": "Hybrid Server Resource Administrator", + "type": "BuiltInRole", + "description": "Can read, write, delete, and re-onboard Hybrid servers to the Hybrid Resource Provider.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.HybridCompute/machines/*", + "Microsoft.HybridCompute/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-04-29T21:39:32.3132923Z", + "updatedOn": "2021-11-11T20:14:00.2548257Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/48b40c6e-82e0-4eb3-90d5-19e40f49b624", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "48b40c6e-82e0-4eb3-90d5-19e40f49b624" + }, + { + "properties": { + "roleName": "Hybrid Server Onboarding", + "type": "BuiltInRole", + "description": "Can onboard new Hybrid servers to the Hybrid Resource Provider.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.HybridCompute/machines/read", + "Microsoft.HybridCompute/machines/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-04-29T22:36:28.1873756Z", + "updatedOn": "2021-11-11T20:14:00.4308999Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb" + }, + { + "properties": { + "roleName": "Azure Event Hubs Data Receiver", + "type": "BuiltInRole", + "description": "Allows receive access to Azure Event Hubs resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.EventHub/*/eventhubs/consumergroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.EventHub/*/receive/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-05-10T06:25:21.1056666Z", + "updatedOn": "2021-11-11T20:14:01.3225169Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde" + }, + { + "properties": { + "roleName": "Azure Event Hubs Data Sender", + "type": "BuiltInRole", + "description": "Allows send access to Azure Event Hubs resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.EventHub/*/eventhubs/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.EventHub/*/send/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-05-10T06:26:12.4673714Z", + "updatedOn": "2021-11-11T20:14:01.4925583Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "2b629674-e913-4c01-ae53-ef4638d8f975" + }, + { + "properties": { + "roleName": "Azure Service Bus Data Receiver", + "type": "BuiltInRole", + "description": "Allows for receive access to Azure Service Bus resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ServiceBus/*/queues/read", + "Microsoft.ServiceBus/*/topics/read", + "Microsoft.ServiceBus/*/topics/subscriptions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ServiceBus/*/receive/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-05-10T06:43:01.6343849Z", + "updatedOn": "2021-11-11T20:14:01.6629685Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0" + }, + { + "properties": { + "roleName": "Azure Service Bus Data Sender", + "type": "BuiltInRole", + "description": "Allows for send access to Azure Service Bus resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ServiceBus/*/queues/read", + "Microsoft.ServiceBus/*/topics/read", + "Microsoft.ServiceBus/*/topics/subscriptions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ServiceBus/*/send/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-05-10T06:43:46.7046934Z", + "updatedOn": "2021-11-11T20:14:01.8479199Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39" + }, + { + "properties": { + "roleName": "Storage File Data SMB Share Reader", + "type": "BuiltInRole", + "description": "Allows for read access to Azure File Share over SMB", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-07-01T20:19:31.8620471Z", + "updatedOn": "2021-11-11T20:14:04.3642909Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "aba4ae5f-2193-4029-9191-0cb91df5e314" + }, + { + "properties": { + "roleName": "Storage File Data SMB Share Contributor", + "type": "BuiltInRole", + "description": "Allows for read, write, and delete access in Azure Storage file shares over SMB", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read", + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write", + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-07-01T20:54:35.4834310Z", + "updatedOn": "2021-11-11T20:14:04.5443323Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb" + }, + { + "properties": { + "roleName": "Private DNS Zone Contributor", + "type": "BuiltInRole", + "description": "Lets you manage private DNS zone resources, but not the virtual networks they are linked to.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Network/privateDnsZones/*", + "Microsoft.Network/privateDnsOperationResults/*", + "Microsoft.Network/privateDnsOperationStatuses/*", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/virtualNetworks/join/action", + "Microsoft.Authorization/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-07-10T19:31:15.5645518Z", + "updatedOn": "2021-11-11T20:14:04.7342851Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b12aa53e-6015-4669-85d0-8515ebb3ae7f" + }, + { + "properties": { + "roleName": "Storage Blob Delegator", + "type": "BuiltInRole", + "description": "Allows for generation of a user delegation key which can be used to sign SAS tokens", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-07-23T00:51:16.3376761Z", + "updatedOn": "2021-11-11T20:14:05.4321714Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a" + }, + { + "properties": { + "roleName": "Desktop Virtualization User", + "type": "BuiltInRole", + "description": "Allows user to use the applications in an application group.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.DesktopVirtualization/applicationGroups/useApplications/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-08-07T00:29:03.8727621Z", + "updatedOn": "2021-11-11T20:14:05.9821791Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63" + }, + { + "properties": { + "roleName": "Storage File Data SMB Share Elevated Contributor", + "type": "BuiltInRole", + "description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read", + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write", + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete", + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-08-07T01:35:36.9935457Z", + "updatedOn": "2021-11-11T20:14:06.1571744Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a7264617-510b-434b-a828-9731dc254ea7" + }, + { + "properties": { + "roleName": "Blueprint Contributor", + "type": "BuiltInRole", + "description": "Can manage blueprint definitions, but not assign them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Blueprint/blueprints/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-08-14T21:55:16.9683949Z", + "updatedOn": "2021-11-11T20:14:06.5171828Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "41077137-e803-4205-871c-5a86e6a753b4" + }, + { + "properties": { + "roleName": "Blueprint Operator", + "type": "BuiltInRole", + "description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Blueprint/blueprintAssignments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-08-14T21:56:48.7897875Z", + "updatedOn": "2021-11-11T20:14:06.6971401Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "437d2ced-4a38-4302-8479-ed2bcb43d090" + }, + { + "properties": { + "roleName": "Microsoft Sentinel Contributor", + "type": "BuiltInRole", + "description": "Microsoft Sentinel Contributor", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.SecurityInsights/*", + "Microsoft.OperationalInsights/workspaces/analytics/query/action", + "Microsoft.OperationalInsights/workspaces/*/read", + "Microsoft.OperationalInsights/workspaces/savedSearches/*", + "Microsoft.OperationsManagement/solutions/read", + "Microsoft.OperationalInsights/workspaces/query/read", + "Microsoft.OperationalInsights/workspaces/query/*/read", + "Microsoft.OperationalInsights/workspaces/dataSources/read", + "Microsoft.OperationalInsights/querypacks/*/read", + "Microsoft.Insights/workbooks/*", + "Microsoft.Insights/myworkbooks/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [ + "Microsoft.SecurityInsights/ConfidentialWatchlists/*", + "Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-08-28T16:39:03.8725173Z", + "updatedOn": "2022-08-02T00:12:09.1707121Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ab8e14d6-4a74-4a29-9ba8-549422addade" + }, + { + "properties": { + "roleName": "Microsoft Sentinel Responder", + "type": "BuiltInRole", + "description": "Microsoft Sentinel Responder", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.SecurityInsights/*/read", + "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action", + "Microsoft.SecurityInsights/automationRules/*", + "Microsoft.SecurityInsights/cases/*", + "Microsoft.SecurityInsights/incidents/*", + "Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/action", + "Microsoft.SecurityInsights/threatIntelligence/indicators/query/action", + "Microsoft.SecurityInsights/threatIntelligence/bulkTag/action", + "Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/action", + "Microsoft.SecurityInsights/threatIntelligence/indicators/replaceTags/action", + "Microsoft.SecurityInsights/threatIntelligence/queryIndicators/action", + "Microsoft.OperationalInsights/workspaces/analytics/query/action", + "Microsoft.OperationalInsights/workspaces/*/read", + "Microsoft.OperationalInsights/workspaces/dataSources/read", + "Microsoft.OperationalInsights/workspaces/savedSearches/read", + "Microsoft.OperationsManagement/solutions/read", + "Microsoft.OperationalInsights/workspaces/query/read", + "Microsoft.OperationalInsights/workspaces/query/*/read", + "Microsoft.OperationalInsights/workspaces/dataSources/read", + "Microsoft.OperationalInsights/querypacks/*/read", + "Microsoft.Insights/workbooks/read", + "Microsoft.Insights/myworkbooks/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [ + "Microsoft.SecurityInsights/cases/*/Delete", + "Microsoft.SecurityInsights/incidents/*/Delete", + "Microsoft.SecurityInsights/ConfidentialWatchlists/*", + "Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-08-28T16:54:07.6467264Z", + "updatedOn": "2022-08-02T00:12:08.9832071Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/3e150937-b8fe-4cfb-8069-0eaf05ecd056", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "3e150937-b8fe-4cfb-8069-0eaf05ecd056" + }, + { + "properties": { + "roleName": "Microsoft Sentinel Reader", + "type": "BuiltInRole", + "description": "Microsoft Sentinel Reader", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.SecurityInsights/*/read", + "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action", + "Microsoft.SecurityInsights/threatIntelligence/indicators/query/action", + "Microsoft.SecurityInsights/threatIntelligence/queryIndicators/action", + "Microsoft.OperationalInsights/workspaces/analytics/query/action", + "Microsoft.OperationalInsights/workspaces/*/read", + "Microsoft.OperationalInsights/workspaces/LinkedServices/read", + "Microsoft.OperationalInsights/workspaces/savedSearches/read", + "Microsoft.OperationsManagement/solutions/read", + "Microsoft.OperationalInsights/workspaces/query/read", + "Microsoft.OperationalInsights/workspaces/query/*/read", + "Microsoft.OperationalInsights/querypacks/*/read", + "Microsoft.OperationalInsights/workspaces/dataSources/read", + "Microsoft.Insights/workbooks/read", + "Microsoft.Insights/myworkbooks/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/templateSpecs/*/read", + "Microsoft.Support/*" + ], + "notActions": [ + "Microsoft.SecurityInsights/ConfidentialWatchlists/*", + "Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-08-28T16:58:50.1132117Z", + "updatedOn": "2022-08-02T00:12:09.1707121Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8d289c81-5878-46d4-8554-54e1e3d8b5cb", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8d289c81-5878-46d4-8554-54e1e3d8b5cb" + }, + { + "properties": { + "roleName": "Policy Insights Data Writer (Preview)", + "type": "BuiltInRole", + "description": "Allows read access to resource policies and write access to resource component policy events.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/policyassignments/read", + "Microsoft.Authorization/policydefinitions/read", + "Microsoft.Authorization/policyexemptions/read", + "Microsoft.Authorization/policysetdefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.PolicyInsights/checkDataPolicyCompliance/action", + "Microsoft.PolicyInsights/policyEvents/logDataEvents/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-09-19T19:35:20.9504127Z", + "updatedOn": "2021-11-11T20:14:09.4235132Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "66bb4e9e-b016-4a94-8249-4c0511c2be84" + }, + { + "properties": { + "roleName": "SignalR AccessKey Reader", + "type": "BuiltInRole", + "description": "Read SignalR Service Access Keys", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.SignalRService/*/read", + "Microsoft.SignalRService/SignalR/listkeys/action", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-09-20T09:33:19.6236874Z", + "updatedOn": "2021-11-11T20:14:09.6134860Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "04165923-9d83-45d5-8227-78b77b0a687e" + }, + { + "properties": { + "roleName": "SignalR/Web PubSub Contributor", + "type": "BuiltInRole", + "description": "Create, Read, Update, and Delete SignalR service resources", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.SignalRService/*", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-09-20T09:58:09.0009662Z", + "updatedOn": "2021-11-11T20:14:09.7884765Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761" + }, + { + "properties": { + "roleName": "Azure Connected Machine Onboarding", + "type": "BuiltInRole", + "description": "Can onboard Azure Connected Machines.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.HybridCompute/machines/read", + "Microsoft.HybridCompute/machines/write", + "Microsoft.HybridCompute/privateLinkScopes/read", + "Microsoft.GuestConfiguration/guestConfigurationAssignments/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-10-23T20:15:07.1372870Z", + "updatedOn": "2021-11-11T20:14:10.8735219Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7" + }, + { + "properties": { + "roleName": "Managed Services Registration assignment Delete Role", + "type": "BuiltInRole", + "description": "Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ManagedServices/registrationAssignments/read", + "Microsoft.ManagedServices/registrationAssignments/delete", + "Microsoft.ManagedServices/operationStatuses/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-10-23T22:33:33.1183469Z", + "updatedOn": "2021-11-11T20:14:11.2336400Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "91c1777a-f3dc-4fae-b103-61d183457e46" + }, + { + "properties": { + "roleName": "App Configuration Data Owner", + "type": "BuiltInRole", + "description": "Allows full access to App Configuration data.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AppConfiguration/configurationStores/*/read", + "Microsoft.AppConfiguration/configurationStores/*/write", + "Microsoft.AppConfiguration/configurationStores/*/delete", + "Microsoft.AppConfiguration/configurationStores/*/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-10-25T18:41:40.1185063Z", + "updatedOn": "2023-02-06T16:01:22.3871138Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b" + }, + { + "properties": { + "roleName": "App Configuration Data Reader", + "type": "BuiltInRole", + "description": "Allows read access to App Configuration data.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AppConfiguration/configurationStores/*/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-10-25T18:45:33.7975332Z", + "updatedOn": "2021-11-11T20:14:11.5885341Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "516239f1-63e1-4d78-a4de-a74fb236a071" + }, + { + "properties": { + "roleName": "Kubernetes Cluster - Azure Arc Onboarding", + "type": "BuiltInRole", + "description": "Role definition to authorize any user/service to create connectedClusters resource", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Kubernetes/connectedClusters/Write", + "Microsoft.Kubernetes/connectedClusters/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-11-18T17:00:02.2087147Z", + "updatedOn": "2021-11-11T20:14:12.4685303Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/34e09817-6cbe-4d01-b1a2-e0eac5743d41", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "34e09817-6cbe-4d01-b1a2-e0eac5743d41" + }, + { + "properties": { + "roleName": "Experimentation Contributor", + "type": "BuiltInRole", + "description": "Experimentation Contributor", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Experimentation/experimentWorkspaces/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/read", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/write", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/delete", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/experiment/action", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/emergencystop/action", + "Microsoft.Experimentation/experimentWorkspaces/read", + "Microsoft.Experimentation/experimentWorkspaces/write", + "Microsoft.Experimentation/experimentWorkspaces/delete" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-12-13T00:08:08.6679591Z", + "updatedOn": "2021-11-11T20:14:14.6454147Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7f646f1b-fa08-80eb-a22b-edd6ce5c915c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7f646f1b-fa08-80eb-a22b-edd6ce5c915c" + }, + { + "properties": { + "roleName": "Cognitive Services QnA Maker Reader", + "type": "BuiltInRole", + "description": "Let\u2019s you read and test a KB only.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read", + "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read", + "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action", + "Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read", + "Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read", + "Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-12-17T18:26:12.3329439Z", + "updatedOn": "2021-11-11T20:14:14.8254033Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/466ccd10-b268-4a11-b098-b4849f024126", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "466ccd10-b268-4a11-b098-b4849f024126" + }, + { + "properties": { + "roleName": "Cognitive Services QnA Maker Editor", + "type": "BuiltInRole", + "description": "Let\u2019s you create, edit, import and export a KB. You cannot publish or delete a KB.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read", + "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read", + "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write", + "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write", + "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action", + "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action", + "Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read", + "Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write", + "Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read", + "Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action", + "Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read", + "Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write", + "Microsoft.CognitiveServices/accounts/QnAMaker/operations/read", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write", + "Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-12-17T18:27:30.6434556Z", + "updatedOn": "2021-11-11T20:14:14.9961559Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f4cc2bf9-21be-47a1-bdf1-5c5804381025", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f4cc2bf9-21be-47a1-bdf1-5c5804381025" + }, + { + "properties": { + "roleName": "Experimentation Administrator", + "type": "BuiltInRole", + "description": "Experimentation Administrator", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Experimentation/experimentWorkspaces/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/admin/action", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/read", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/write", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/delete", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/experimentadmin/action", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/experiment/action", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/emergencystop/action", + "Microsoft.Experimentation/experimentWorkspaces/read", + "Microsoft.Experimentation/experimentWorkspaces/write", + "Microsoft.Experimentation/experimentWorkspaces/delete", + "Microsoft.Experimentation/experimentWorkspaces/admin/action", + "Microsoft.Experimentation/experimentWorkspaces/metricwrite/action", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/metricwrite/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2019-12-18T22:46:33.1116612Z", + "updatedOn": "2021-11-11T20:14:15.1811577Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7f646f1b-fa08-80eb-a33b-edd6ce5c915c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7f646f1b-fa08-80eb-a33b-edd6ce5c915c" + }, + { + "properties": { + "roleName": "Remote Rendering Administrator", + "type": "BuiltInRole", + "description": "Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.MixedReality/RemoteRenderingAccounts/convert/action", + "Microsoft.MixedReality/RemoteRenderingAccounts/convert/read", + "Microsoft.MixedReality/RemoteRenderingAccounts/convert/delete", + "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read", + "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action", + "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete", + "Microsoft.MixedReality/RemoteRenderingAccounts/render/read", + "Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-01-23T18:15:31.3450348Z", + "updatedOn": "2021-11-11T20:14:16.7621737Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/3df8b902-2a6f-47c7-8cc5-360e9b272a7e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "3df8b902-2a6f-47c7-8cc5-360e9b272a7e" + }, + { + "properties": { + "roleName": "Remote Rendering Client", + "type": "BuiltInRole", + "description": "Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read", + "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action", + "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete", + "Microsoft.MixedReality/RemoteRenderingAccounts/render/read", + "Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-01-23T18:32:52.7069824Z", + "updatedOn": "2021-11-11T20:14:16.9421512Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d39065c4-c120-43c9-ab0a-63eed9795f0a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d39065c4-c120-43c9-ab0a-63eed9795f0a" + }, + { + "properties": { + "roleName": "Managed Application Contributor Role", + "type": "BuiltInRole", + "description": "Allows for creating managed application resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*/read", + "Microsoft.Solutions/applications/*", + "Microsoft.Solutions/register/action", + "Microsoft.Resources/subscriptions/resourceGroups/*", + "Microsoft.Resources/deployments/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-02-08T03:39:11.8933879Z", + "updatedOn": "2021-11-11T20:14:19.1271536Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "641177b8-a67a-45b9-a033-47bc880bb21e" + }, + { + "properties": { + "roleName": "Security Assessment Contributor", + "type": "BuiltInRole", + "description": "Lets you push assessments to Security Center", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Security/assessments/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-02-13T08:23:47.7656161Z", + "updatedOn": "2021-11-11T20:14:19.3021974Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/612c2aa1-cb24-443b-ac28-3ab7272de6f5", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "612c2aa1-cb24-443b-ac28-3ab7272de6f5" + }, + { + "properties": { + "roleName": "Tag Contributor", + "type": "BuiltInRole", + "description": "Lets you manage tags on entities, without providing access to the entities themselves.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/subscriptions/resourceGroups/resources/read", + "Microsoft.Resources/subscriptions/resources/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Support/*", + "Microsoft.Resources/tags/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-02-18T23:19:19.2977644Z", + "updatedOn": "2021-11-11T20:14:20.0172041Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4a9ae827-6dc8-4573-8ac7-8239d42aa03f" + }, + { + "properties": { + "roleName": "Integration Service Environment Developer", + "type": "BuiltInRole", + "description": "Allows developers to create and update workflows, integration accounts and API connections in integration service environments.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Support/*", + "Microsoft.Logic/integrationServiceEnvironments/read", + "Microsoft.Logic/integrationServiceEnvironments/*/join/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-02-20T21:09:00.5627875Z", + "updatedOn": "2021-11-11T20:14:20.1871986Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c7aa55d3-1abb-444a-a5ca-5e51e485d6ec", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c7aa55d3-1abb-444a-a5ca-5e51e485d6ec" + }, + { + "properties": { + "roleName": "Integration Service Environment Contributor", + "type": "BuiltInRole", + "description": "Lets you manage integration service environments, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Support/*", + "Microsoft.Logic/integrationServiceEnvironments/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-02-20T21:10:44.4008319Z", + "updatedOn": "2021-11-11T20:14:20.3622058Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a41e2c5b-bd99-4a07-88f4-9bf657a760b8", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a41e2c5b-bd99-4a07-88f4-9bf657a760b8" + }, + { + "properties": { + "roleName": "Azure Kubernetes Service Contributor Role", + "type": "BuiltInRole", + "description": "Grants access to read and write Azure Kubernetes Service clusters", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ContainerService/managedClusters/read", + "Microsoft.ContainerService/managedClusters/write", + "Microsoft.Resources/deployments/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-02-27T19:27:15.0739970Z", + "updatedOn": "2021-11-11T20:14:21.2621727Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8" + }, + { + "properties": { + "roleName": "Azure Digital Twins Data Reader", + "type": "BuiltInRole", + "description": "Read-only role for Digital Twins data-plane properties", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.DigitalTwins/digitaltwins/read", + "Microsoft.DigitalTwins/digitaltwins/relationships/read", + "Microsoft.DigitalTwins/eventroutes/read", + "Microsoft.DigitalTwins/jobs/import/read", + "Microsoft.DigitalTwins/models/read", + "Microsoft.DigitalTwins/query/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-03-10T23:48:14.7057381Z", + "updatedOn": "2022-09-08T04:45:22.3013127Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d57506d4-4c8d-48b1-8587-93c323f6a5a3", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d57506d4-4c8d-48b1-8587-93c323f6a5a3" + }, + { + "properties": { + "roleName": "Azure Digital Twins Data Owner", + "type": "BuiltInRole", + "description": "Full access role for Digital Twins data-plane", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.DigitalTwins/digitaltwins/*", + "Microsoft.DigitalTwins/digitaltwins/commands/*", + "Microsoft.DigitalTwins/digitaltwins/relationships/*", + "Microsoft.DigitalTwins/eventroutes/*", + "Microsoft.DigitalTwins/jobs/*", + "Microsoft.DigitalTwins/models/*", + "Microsoft.DigitalTwins/query/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-03-10T23:49:33.7821930Z", + "updatedOn": "2022-09-08T01:58:14.2969628Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/bcd981a7-7f74-457b-83e1-cceb9e632ffe", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "bcd981a7-7f74-457b-83e1-cceb9e632ffe" + }, + { + "properties": { + "roleName": "Hierarchy Settings Administrator", + "type": "BuiltInRole", + "description": "Allows users to edit and delete Hierarchy Settings", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Management/managementGroups/settings/write", + "Microsoft.Management/managementGroups/settings/delete" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-03-13T23:55:11.0212387Z", + "updatedOn": "2021-11-11T20:14:23.0882347Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "350f8d15-c687-4448-8ae1-157740a3936d" + }, + { + "properties": { + "roleName": "FHIR Data Contributor", + "type": "BuiltInRole", + "description": "Role allows user or principal full access to FHIR Data", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.HealthcareApis/services/fhir/resources/*", + "Microsoft.HealthcareApis/workspaces/fhirservices/resources/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-03-17T18:35:04.4949547Z", + "updatedOn": "2021-11-11T20:14:23.6235473Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5a1fc7df-4bf1-4951-a576-89034ee01acd" + }, + { + "properties": { + "roleName": "FHIR Data Exporter", + "type": "BuiltInRole", + "description": "Role allows user or principal to read and export FHIR Data", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.HealthcareApis/services/fhir/resources/read", + "Microsoft.HealthcareApis/services/fhir/resources/export/action", + "Microsoft.HealthcareApis/workspaces/fhirservices/resources/read", + "Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-03-17T18:45:01.9764073Z", + "updatedOn": "2021-11-11T20:14:23.7992557Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "3db33094-8700-4567-8da5-1501d4e7e843" + }, + { + "properties": { + "roleName": "FHIR Data Reader", + "type": "BuiltInRole", + "description": "Role allows user or principal to read FHIR Data", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.HealthcareApis/services/fhir/resources/read", + "Microsoft.HealthcareApis/workspaces/fhirservices/resources/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-03-17T18:49:04.8353499Z", + "updatedOn": "2021-11-11T20:14:23.9692275Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4c8d0bbc-75d3-4935-991f-5f3c56d81508" + }, + { + "properties": { + "roleName": "FHIR Data Writer", + "type": "BuiltInRole", + "description": "Role allows user or principal to read and write FHIR Data", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.HealthcareApis/services/fhir/resources/*", + "Microsoft.HealthcareApis/workspaces/fhirservices/resources/*" + ], + "notDataActions": [ + "Microsoft.HealthcareApis/services/fhir/resources/hardDelete/action", + "Microsoft.HealthcareApis/workspaces/fhirservices/resources/hardDelete/action" + ] + } + ], + "createdOn": "2020-03-17T18:55:35.2413335Z", + "updatedOn": "2021-11-11T20:14:24.1442783Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/3f88fce4-5892-4214-ae73-ba5294559913", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "3f88fce4-5892-4214-ae73-ba5294559913" + }, + { + "properties": { + "roleName": "Experimentation Reader", + "type": "BuiltInRole", + "description": "Experimentation Reader", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Experimentation/experimentWorkspaces/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Experimentation/experimentWorkspaces/read", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-03-25T18:05:14.8375678Z", + "updatedOn": "2021-11-11T20:14:24.5042390Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/49632ef5-d9ac-41f4-b8e7-bbe587fa74a1", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "49632ef5-d9ac-41f4-b8e7-bbe587fa74a1" + }, + { + "properties": { + "roleName": "Object Understanding Account Owner", + "type": "BuiltInRole", + "description": "Provides user with ingestion capabilities for Azure Object Understanding.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.MixedReality/ObjectUnderstandingAccounts/ingest/action", + "Microsoft.MixedReality/ObjectUnderstandingAccounts/ingest/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-04-22T19:15:09.0697923Z", + "updatedOn": "2021-11-11T20:14:26.8743132Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4dd61c23-6743-42fe-a388-d8bdd41cb745", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4dd61c23-6743-42fe-a388-d8bdd41cb745" + }, + { + "properties": { + "roleName": "Azure Maps Data Contributor", + "type": "BuiltInRole", + "description": "Grants access to read, write, and delete access to map related data from an Azure maps account.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Maps/accounts/*/read", + "Microsoft.Maps/accounts/*/write", + "Microsoft.Maps/accounts/*/delete", + "Microsoft.Maps/accounts/*/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-05-07T20:55:05.0645410Z", + "updatedOn": "2021-11-11T20:14:28.3092598Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204" + }, + { + "properties": { + "roleName": "Cognitive Services Custom Vision Contributor", + "type": "BuiltInRole", + "description": "Full access to the project, including the ability to view, create, edit, or delete projects.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/CustomVision/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-05-08T23:47:07.0779345Z", + "updatedOn": "2021-11-11T20:14:28.8342655Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3" + }, + { + "properties": { + "roleName": "Cognitive Services Custom Vision Deployment", + "type": "BuiltInRole", + "description": "Publish, unpublish or export models. Deployment can view the project but can\u2019t update.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/CustomVision/*/read", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*", + "Microsoft.CognitiveServices/accounts/CustomVision/classify/*", + "Microsoft.CognitiveServices/accounts/CustomVision/detect/*" + ], + "notDataActions": [ + "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read" + ] + } + ], + "createdOn": "2020-05-09T01:31:05.9528620Z", + "updatedOn": "2021-11-11T20:14:29.0142669Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f" + }, + { + "properties": { + "roleName": "Cognitive Services Custom Vision Labeler", + "type": "BuiltInRole", + "description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can\u2019t update anything other than training images and tags.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/CustomVision/*/read", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action" + ], + "notDataActions": [ + "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read" + ] + } + ], + "createdOn": "2020-05-09T01:33:20.8278896Z", + "updatedOn": "2021-11-11T20:14:29.1892871Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "88424f51-ebe7-446f-bc41-7fa16989e96c" + }, + { + "properties": { + "roleName": "Cognitive Services Custom Vision Reader", + "type": "BuiltInRole", + "description": "Read-only actions in the project. Readers can\u2019t create or update the project.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/CustomVision/*/read", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action" + ], + "notDataActions": [ + "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read" + ] + } + ], + "createdOn": "2020-05-09T01:34:18.5328818Z", + "updatedOn": "2021-11-11T20:14:29.3642707Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "93586559-c37d-4a6b-ba08-b9f0940c2d73" + }, + { + "properties": { + "roleName": "Cognitive Services Custom Vision Trainer", + "type": "BuiltInRole", + "description": "View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can\u2019t create or delete the project.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/CustomVision/*" + ], + "notDataActions": [ + "Microsoft.CognitiveServices/accounts/CustomVision/projects/action", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/delete", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action", + "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read" + ] + } + ], + "createdOn": "2020-05-09T01:35:13.8147804Z", + "updatedOn": "2021-11-11T20:14:29.5442713Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0a5ae4ab-0d65-4eeb-be61-29fc9b54394b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0a5ae4ab-0d65-4eeb-be61-29fc9b54394b" + }, + { + "properties": { + "roleName": "Key Vault Administrator", + "type": "BuiltInRole", + "description": "Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the \u0027Azure role-based access control\u0027 permission model.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.KeyVault/checkNameAvailability/read", + "Microsoft.KeyVault/deletedVaults/read", + "Microsoft.KeyVault/locations/*/read", + "Microsoft.KeyVault/vaults/*/read", + "Microsoft.KeyVault/operations/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.KeyVault/vaults/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-05-19T17:52:46.2349235Z", + "updatedOn": "2021-11-11T20:14:30.2542755Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/00482a5a-887f-4fb3-b363-3b7fe8e74483", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "00482a5a-887f-4fb3-b363-3b7fe8e74483" + }, + { + "properties": { + "roleName": "Key Vault Crypto User", + "type": "BuiltInRole", + "description": "Perform cryptographic operations using keys. Only works for key vaults that use the \u0027Azure role-based access control\u0027 permission model.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.KeyVault/vaults/keys/read", + "Microsoft.KeyVault/vaults/keys/update/action", + "Microsoft.KeyVault/vaults/keys/backup/action", + "Microsoft.KeyVault/vaults/keys/encrypt/action", + "Microsoft.KeyVault/vaults/keys/decrypt/action", + "Microsoft.KeyVault/vaults/keys/wrap/action", + "Microsoft.KeyVault/vaults/keys/unwrap/action", + "Microsoft.KeyVault/vaults/keys/sign/action", + "Microsoft.KeyVault/vaults/keys/verify/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-05-19T17:52:47.0699268Z", + "updatedOn": "2021-11-11T20:14:30.6042921Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/12338af0-0e69-4776-bea7-57ae8d297424", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "12338af0-0e69-4776-bea7-57ae8d297424" + }, + { + "properties": { + "roleName": "Key Vault Secrets Officer", + "type": "BuiltInRole", + "description": "Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the \u0027Azure role-based access control\u0027 permission model.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.KeyVault/checkNameAvailability/read", + "Microsoft.KeyVault/deletedVaults/read", + "Microsoft.KeyVault/locations/*/read", + "Microsoft.KeyVault/vaults/*/read", + "Microsoft.KeyVault/operations/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.KeyVault/vaults/secrets/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-05-19T17:52:47.1449242Z", + "updatedOn": "2021-11-11T20:14:30.7793470Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b86a8fe4-44ce-4948-aee5-eccb2c155cd7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b86a8fe4-44ce-4948-aee5-eccb2c155cd7" + }, + { + "properties": { + "roleName": "Key Vault Secrets User", + "type": "BuiltInRole", + "description": "Read secret contents. Only works for key vaults that use the \u0027Azure role-based access control\u0027 permission model.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.KeyVault/vaults/secrets/getSecret/action", + "Microsoft.KeyVault/vaults/secrets/readMetadata/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-05-19T17:52:47.2049241Z", + "updatedOn": "2021-11-11T20:14:30.9542829Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4633458b-17de-408a-b874-0445c86b69e6", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4633458b-17de-408a-b874-0445c86b69e6" + }, + { + "properties": { + "roleName": "Key Vault Certificates Officer", + "type": "BuiltInRole", + "description": "Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the \u0027Azure role-based access control\u0027 permission model.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.KeyVault/checkNameAvailability/read", + "Microsoft.KeyVault/deletedVaults/read", + "Microsoft.KeyVault/locations/*/read", + "Microsoft.KeyVault/vaults/*/read", + "Microsoft.KeyVault/operations/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.KeyVault/vaults/certificatecas/*", + "Microsoft.KeyVault/vaults/certificates/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-05-19T17:52:47.2499247Z", + "updatedOn": "2021-11-11T20:14:31.1292967Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a4417e6f-fecd-4de8-b567-7b0420556985", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a4417e6f-fecd-4de8-b567-7b0420556985" + }, + { + "properties": { + "roleName": "Key Vault Reader", + "type": "BuiltInRole", + "description": "Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the \u0027Azure role-based access control\u0027 permission model.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.KeyVault/checkNameAvailability/read", + "Microsoft.KeyVault/deletedVaults/read", + "Microsoft.KeyVault/locations/*/read", + "Microsoft.KeyVault/vaults/*/read", + "Microsoft.KeyVault/operations/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.KeyVault/vaults/*/read", + "Microsoft.KeyVault/vaults/secrets/readMetadata/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-05-19T17:52:47.2949294Z", + "updatedOn": "2021-11-11T20:14:31.3043292Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/21090545-7ca7-4776-b22c-e363652d74d2", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "21090545-7ca7-4776-b22c-e363652d74d2" + }, + { + "properties": { + "roleName": "Key Vault Crypto Service Encryption User", + "type": "BuiltInRole", + "description": "Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the \u0027Azure role-based access control\u0027 permission model.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.EventGrid/eventSubscriptions/write", + "Microsoft.EventGrid/eventSubscriptions/read", + "Microsoft.EventGrid/eventSubscriptions/delete" + ], + "notActions": [], + "dataActions": [ + "Microsoft.KeyVault/vaults/keys/read", + "Microsoft.KeyVault/vaults/keys/wrap/action", + "Microsoft.KeyVault/vaults/keys/unwrap/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-05-20T20:55:19.2398470Z", + "updatedOn": "2021-11-11T20:14:31.8443056Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e147488a-f6f5-4113-8e2d-b22465e65bf6", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e147488a-f6f5-4113-8e2d-b22465e65bf6" + }, + { + "properties": { + "roleName": "Azure Arc Kubernetes Viewer", + "type": "BuiltInRole", + "description": "Lets you view all resources in cluster/namespace, except secrets.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read", + "Microsoft.Kubernetes/connectedClusters/apps/daemonsets/read", + "Microsoft.Kubernetes/connectedClusters/apps/deployments/read", + "Microsoft.Kubernetes/connectedClusters/apps/replicasets/read", + "Microsoft.Kubernetes/connectedClusters/apps/statefulsets/read", + "Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/read", + "Microsoft.Kubernetes/connectedClusters/batch/cronjobs/read", + "Microsoft.Kubernetes/connectedClusters/batch/jobs/read", + "Microsoft.Kubernetes/connectedClusters/configmaps/read", + "Microsoft.Kubernetes/connectedClusters/endpoints/read", + "Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read", + "Microsoft.Kubernetes/connectedClusters/events/read", + "Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/read", + "Microsoft.Kubernetes/connectedClusters/extensions/deployments/read", + "Microsoft.Kubernetes/connectedClusters/extensions/ingresses/read", + "Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/read", + "Microsoft.Kubernetes/connectedClusters/extensions/replicasets/read", + "Microsoft.Kubernetes/connectedClusters/limitranges/read", + "Microsoft.Kubernetes/connectedClusters/namespaces/read", + "Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/read", + "Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/read", + "Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/read", + "Microsoft.Kubernetes/connectedClusters/pods/read", + "Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/read", + "Microsoft.Kubernetes/connectedClusters/replicationcontrollers/read", + "Microsoft.Kubernetes/connectedClusters/replicationcontrollers/read", + "Microsoft.Kubernetes/connectedClusters/resourcequotas/read", + "Microsoft.Kubernetes/connectedClusters/serviceaccounts/read", + "Microsoft.Kubernetes/connectedClusters/services/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-06-12T20:51:12.8801199Z", + "updatedOn": "2021-11-11T20:14:33.8193353Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/63f0a09d-1495-4db4-a681-037d84835eb4", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "63f0a09d-1495-4db4-a681-037d84835eb4" + }, + { + "properties": { + "roleName": "Azure Arc Kubernetes Writer", + "type": "BuiltInRole", + "description": "Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read", + "Microsoft.Kubernetes/connectedClusters/apps/daemonsets/*", + "Microsoft.Kubernetes/connectedClusters/apps/deployments/*", + "Microsoft.Kubernetes/connectedClusters/apps/replicasets/*", + "Microsoft.Kubernetes/connectedClusters/apps/statefulsets/*", + "Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/*", + "Microsoft.Kubernetes/connectedClusters/batch/cronjobs/*", + "Microsoft.Kubernetes/connectedClusters/batch/jobs/*", + "Microsoft.Kubernetes/connectedClusters/configmaps/*", + "Microsoft.Kubernetes/connectedClusters/endpoints/*", + "Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read", + "Microsoft.Kubernetes/connectedClusters/events/read", + "Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/*", + "Microsoft.Kubernetes/connectedClusters/extensions/deployments/*", + "Microsoft.Kubernetes/connectedClusters/extensions/ingresses/*", + "Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/*", + "Microsoft.Kubernetes/connectedClusters/extensions/replicasets/*", + "Microsoft.Kubernetes/connectedClusters/limitranges/read", + "Microsoft.Kubernetes/connectedClusters/namespaces/read", + "Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/*", + "Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/*", + "Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/*", + "Microsoft.Kubernetes/connectedClusters/pods/*", + "Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/*", + "Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*", + "Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*", + "Microsoft.Kubernetes/connectedClusters/resourcequotas/read", + "Microsoft.Kubernetes/connectedClusters/secrets/*", + "Microsoft.Kubernetes/connectedClusters/serviceaccounts/*", + "Microsoft.Kubernetes/connectedClusters/services/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-06-12T20:53:50.6749823Z", + "updatedOn": "2021-11-11T20:14:34.0043462Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5b999177-9696-4545-85c7-50de3797e5a1", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5b999177-9696-4545-85c7-50de3797e5a1" + }, + { + "properties": { + "roleName": "Azure Arc Kubernetes Cluster Admin", + "type": "BuiltInRole", + "description": "Lets you manage all resources in the cluster.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Kubernetes/connectedClusters/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-06-12T20:55:30.9910462Z", + "updatedOn": "2021-11-11T20:14:34.1743694Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8393591c-06b9-48a2-a542-1bd6b377f6a2", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8393591c-06b9-48a2-a542-1bd6b377f6a2" + }, + { + "properties": { + "roleName": "Azure Arc Kubernetes Admin", + "type": "BuiltInRole", + "description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read", + "Microsoft.Kubernetes/connectedClusters/apps/daemonsets/*", + "Microsoft.Kubernetes/connectedClusters/apps/deployments/*", + "Microsoft.Kubernetes/connectedClusters/apps/replicasets/*", + "Microsoft.Kubernetes/connectedClusters/apps/statefulsets/*", + "Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/localsubjectaccessreviews/write", + "Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/*", + "Microsoft.Kubernetes/connectedClusters/batch/cronjobs/*", + "Microsoft.Kubernetes/connectedClusters/batch/jobs/*", + "Microsoft.Kubernetes/connectedClusters/configmaps/*", + "Microsoft.Kubernetes/connectedClusters/endpoints/*", + "Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read", + "Microsoft.Kubernetes/connectedClusters/events/read", + "Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/*", + "Microsoft.Kubernetes/connectedClusters/extensions/deployments/*", + "Microsoft.Kubernetes/connectedClusters/extensions/ingresses/*", + "Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/*", + "Microsoft.Kubernetes/connectedClusters/extensions/replicasets/*", + "Microsoft.Kubernetes/connectedClusters/limitranges/read", + "Microsoft.Kubernetes/connectedClusters/namespaces/read", + "Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/*", + "Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/*", + "Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/*", + "Microsoft.Kubernetes/connectedClusters/pods/*", + "Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/*", + "Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/rolebindings/*", + "Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/*", + "Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*", + "Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*", + "Microsoft.Kubernetes/connectedClusters/resourcequotas/read", + "Microsoft.Kubernetes/connectedClusters/secrets/*", + "Microsoft.Kubernetes/connectedClusters/serviceaccounts/*", + "Microsoft.Kubernetes/connectedClusters/services/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-06-12T20:57:06.0391177Z", + "updatedOn": "2021-11-11T20:14:34.3593384Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/dffb1e0c-446f-4dde-a09f-99eb5cc68b96", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "dffb1e0c-446f-4dde-a09f-99eb5cc68b96" + }, + { + "properties": { + "roleName": "Azure Kubernetes Service RBAC Cluster Admin", + "type": "BuiltInRole", + "description": "Lets you manage all resources in the cluster.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ContainerService/managedClusters/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-07-02T17:47:24.4071415Z", + "updatedOn": "2022-10-13T03:34:52.0122969Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b" + }, + { + "properties": { + "roleName": "Azure Kubernetes Service RBAC Admin", + "type": "BuiltInRole", + "description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ContainerService/managedClusters/*" + ], + "notDataActions": [ + "Microsoft.ContainerService/managedClusters/resourcequotas/write", + "Microsoft.ContainerService/managedClusters/resourcequotas/delete", + "Microsoft.ContainerService/managedClusters/namespaces/write", + "Microsoft.ContainerService/managedClusters/namespaces/delete" + ] + } + ], + "createdOn": "2020-07-02T17:50:30.4020311Z", + "updatedOn": "2022-10-13T03:34:52.0122969Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "3498e952-d568-435e-9b2c-8d77e338d7f7" + }, + { + "properties": { + "roleName": "Azure Kubernetes Service RBAC Reader", + "type": "BuiltInRole", + "description": "Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read", + "Microsoft.ContainerService/managedClusters/apps/daemonsets/read", + "Microsoft.ContainerService/managedClusters/apps/deployments/read", + "Microsoft.ContainerService/managedClusters/apps/replicasets/read", + "Microsoft.ContainerService/managedClusters/apps/statefulsets/read", + "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read", + "Microsoft.ContainerService/managedClusters/batch/cronjobs/read", + "Microsoft.ContainerService/managedClusters/batch/jobs/read", + "Microsoft.ContainerService/managedClusters/configmaps/read", + "Microsoft.ContainerService/managedClusters/endpoints/read", + "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read", + "Microsoft.ContainerService/managedClusters/events/read", + "Microsoft.ContainerService/managedClusters/extensions/daemonsets/read", + "Microsoft.ContainerService/managedClusters/extensions/deployments/read", + "Microsoft.ContainerService/managedClusters/extensions/ingresses/read", + "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/read", + "Microsoft.ContainerService/managedClusters/extensions/replicasets/read", + "Microsoft.ContainerService/managedClusters/limitranges/read", + "Microsoft.ContainerService/managedClusters/namespaces/read", + "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read", + "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read", + "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/read", + "Microsoft.ContainerService/managedClusters/pods/read", + "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read", + "Microsoft.ContainerService/managedClusters/replicationcontrollers/read", + "Microsoft.ContainerService/managedClusters/replicationcontrollers/read", + "Microsoft.ContainerService/managedClusters/resourcequotas/read", + "Microsoft.ContainerService/managedClusters/serviceaccounts/read", + "Microsoft.ContainerService/managedClusters/services/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-07-02T17:53:05.5728294Z", + "updatedOn": "2022-10-13T03:34:52.0122969Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7f6c6a51-bcf8-42ba-9220-52d62157d7db" + }, + { + "properties": { + "roleName": "Azure Kubernetes Service RBAC Writer", + "type": "BuiltInRole", + "description": "Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read", + "Microsoft.ContainerService/managedClusters/apps/daemonsets/*", + "Microsoft.ContainerService/managedClusters/apps/deployments/*", + "Microsoft.ContainerService/managedClusters/apps/replicasets/*", + "Microsoft.ContainerService/managedClusters/apps/statefulsets/*", + "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*", + "Microsoft.ContainerService/managedClusters/batch/cronjobs/*", + "Microsoft.ContainerService/managedClusters/batch/jobs/*", + "Microsoft.ContainerService/managedClusters/configmaps/*", + "Microsoft.ContainerService/managedClusters/endpoints/*", + "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read", + "Microsoft.ContainerService/managedClusters/events/read", + "Microsoft.ContainerService/managedClusters/extensions/daemonsets/*", + "Microsoft.ContainerService/managedClusters/extensions/deployments/*", + "Microsoft.ContainerService/managedClusters/extensions/ingresses/*", + "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*", + "Microsoft.ContainerService/managedClusters/extensions/replicasets/*", + "Microsoft.ContainerService/managedClusters/limitranges/read", + "Microsoft.ContainerService/managedClusters/namespaces/read", + "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*", + "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*", + "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*", + "Microsoft.ContainerService/managedClusters/pods/*", + "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*", + "Microsoft.ContainerService/managedClusters/replicationcontrollers/*", + "Microsoft.ContainerService/managedClusters/replicationcontrollers/*", + "Microsoft.ContainerService/managedClusters/resourcequotas/read", + "Microsoft.ContainerService/managedClusters/secrets/*", + "Microsoft.ContainerService/managedClusters/serviceaccounts/*", + "Microsoft.ContainerService/managedClusters/services/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-07-02T17:54:51.9644983Z", + "updatedOn": "2022-10-13T03:34:52.0122969Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb" + }, + { + "properties": { + "roleName": "Services Hub Operator", + "type": "BuiltInRole", + "description": "Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.ServicesHub/connectors/write", + "Microsoft.ServicesHub/connectors/read", + "Microsoft.ServicesHub/connectors/delete", + "Microsoft.ServicesHub/connectors/checkAssessmentEntitlement/action", + "Microsoft.ServicesHub/supportOfferingEntitlement/read", + "Microsoft.ServicesHub/workspaces/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-07-20T17:57:22.0644902Z", + "updatedOn": "2021-11-11T20:14:37.5544021Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/82200a5b-e217-47a5-b665-6d8765ee745b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "82200a5b-e217-47a5-b665-6d8765ee745b" + }, + { + "properties": { + "roleName": "Object Understanding Account Reader", + "type": "BuiltInRole", + "description": "Lets you read ingestion jobs for an object understanding account.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.MixedReality/ObjectUnderstandingAccounts/ingest/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-07-23T19:16:31.9929119Z", + "updatedOn": "2021-11-11T20:14:37.9070085Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d18777c0-1514-4662-8490-608db7d334b6", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d18777c0-1514-4662-8490-608db7d334b6" + }, + { + "properties": { + "roleName": "SignalR REST API Owner", + "type": "BuiltInRole", + "description": "Full access to Azure SignalR Service REST APIs", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.SignalRService/SignalR/auth/clientToken/action", + "Microsoft.SignalRService/SignalR/hub/send/action", + "Microsoft.SignalRService/SignalR/group/send/action", + "Microsoft.SignalRService/SignalR/group/read", + "Microsoft.SignalRService/SignalR/group/write", + "Microsoft.SignalRService/SignalR/clientConnection/send/action", + "Microsoft.SignalRService/SignalR/clientConnection/read", + "Microsoft.SignalRService/SignalR/clientConnection/write", + "Microsoft.SignalRService/SignalR/user/send/action", + "Microsoft.SignalRService/SignalR/user/read", + "Microsoft.SignalRService/SignalR/user/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-07-29T09:35:32.2764751Z", + "updatedOn": "2021-11-11T20:14:38.8028020Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "fd53cd77-2268-407a-8f46-7e7863d0f521" + }, + { + "properties": { + "roleName": "Collaborative Data Contributor", + "type": "BuiltInRole", + "description": "Can manage data packages of a collaborative.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.IndustryDataLifecycle/custodianCollaboratives/*/read", + "Microsoft.IndustryDataLifecycle/memberCollaboratives/*/read", + "Microsoft.IndustryDataLifecycle/locations/dataPackages/*", + "Microsoft.IndustryDataLifecycle/custodianCollaboratives/receivedDataPackages/*", + "Microsoft.IndustryDataLifecycle/custodianCollaboratives/rejectDataPackage/action", + "Microsoft.IndustryDataLifecycle/memberCollaboratives/sharedDataPackages/*", + "Microsoft.IndustryDataLifecycle/custodianCollaboratives/dataModels/*", + "Microsoft.IndustryDataLifecycle/custodianCollaboratives/auditLogs/action", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-08-14T11:58:31.8973556Z", + "updatedOn": "2021-11-11T20:14:40.2428145Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/daa9e50b-21df-454c-94a6-a8050adab352", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "daa9e50b-21df-454c-94a6-a8050adab352" + }, + { + "properties": { + "roleName": "Device Update Reader", + "type": "BuiltInRole", + "description": "Gives you read access to management and content operations, but does not allow making changes", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Insights/alertRules/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.DeviceUpdate/accounts/instances/updates/read", + "Microsoft.DeviceUpdate/accounts/instances/management/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-08-21T23:40:19.2373610Z", + "updatedOn": "2021-11-11T20:14:40.7922672Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f" + }, + { + "properties": { + "roleName": "Device Update Administrator", + "type": "BuiltInRole", + "description": "Gives you full access to management and content operations", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Insights/alertRules/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.DeviceUpdate/accounts/instances/updates/read", + "Microsoft.DeviceUpdate/accounts/instances/updates/write", + "Microsoft.DeviceUpdate/accounts/instances/updates/delete", + "Microsoft.DeviceUpdate/accounts/instances/management/read", + "Microsoft.DeviceUpdate/accounts/instances/management/write", + "Microsoft.DeviceUpdate/accounts/instances/management/delete" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-08-21T23:56:22.3520510Z", + "updatedOn": "2021-11-11T20:14:40.9672678Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/02ca0879-e8e4-47a5-a61e-5c618b76e64a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "02ca0879-e8e4-47a5-a61e-5c618b76e64a" + }, + { + "properties": { + "roleName": "Device Update Content Administrator", + "type": "BuiltInRole", + "description": "Gives you full access to content operations", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Insights/alertRules/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.DeviceUpdate/accounts/instances/updates/read", + "Microsoft.DeviceUpdate/accounts/instances/updates/write", + "Microsoft.DeviceUpdate/accounts/instances/updates/delete" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-08-21T23:58:18.4255500Z", + "updatedOn": "2021-11-11T20:14:41.1433368Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0378884a-3af5-44ab-8323-f5b22f9f3c98", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0378884a-3af5-44ab-8323-f5b22f9f3c98" + }, + { + "properties": { + "roleName": "Device Update Content Reader", + "type": "BuiltInRole", + "description": "Gives you read access to content operations, but does not allow making changes", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Insights/alertRules/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.DeviceUpdate/accounts/instances/updates/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-08-22T00:02:43.3299181Z", + "updatedOn": "2021-11-11T20:14:41.6754856Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d1ee9a80-8b14-47f0-bdc2-f4a351625a7b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d1ee9a80-8b14-47f0-bdc2-f4a351625a7b" + }, + { + "properties": { + "roleName": "Cognitive Services Metrics Advisor Administrator", + "type": "BuiltInRole", + "description": "Full access to the project, including the system level configuration.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/MetricsAdvisor/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-09-10T07:46:47.5804491Z", + "updatedOn": "2021-11-11T20:14:43.6930781Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/cb43c632-a144-4ec5-977c-e80c4affc34a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "cb43c632-a144-4ec5-977c-e80c4affc34a" + }, + { + "properties": { + "roleName": "Cognitive Services Metrics Advisor User", + "type": "BuiltInRole", + "description": "Access to the project.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/MetricsAdvisor/*" + ], + "notDataActions": [ + "Microsoft.CognitiveServices/accounts/MetricsAdvisor/stats/*" + ] + } + ], + "createdOn": "2020-09-10T07:47:59.6195639Z", + "updatedOn": "2021-11-11T20:14:43.8780761Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/3b20f47b-3825-43cb-8114-4bd2201156a8", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "3b20f47b-3825-43cb-8114-4bd2201156a8" + }, + { + "properties": { + "roleName": "Schema Registry Reader (Preview)", + "type": "BuiltInRole", + "description": "Read and list Schema Registry groups and schemas.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.EventHub/namespaces/schemagroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.EventHub/namespaces/schemas/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-09-13T06:31:38.0272740Z", + "updatedOn": "2021-11-11T20:14:44.6350450Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2" + }, + { + "properties": { + "roleName": "Schema Registry Contributor (Preview)", + "type": "BuiltInRole", + "description": "Read, write, and delete Schema Registry groups and schemas.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.EventHub/namespaces/schemagroups/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.EventHub/namespaces/schemas/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-09-13T06:48:26.6032931Z", + "updatedOn": "2021-11-11T20:14:44.8200370Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5dffeca3-4936-4216-b2bc-10343a5abb25" + }, + { + "properties": { + "roleName": "AgFood Platform Service Reader", + "type": "BuiltInRole", + "description": "Provides read access to AgFood Platform Service", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AgFoodPlatform/*/list/action", + "Microsoft.AgFoodPlatform/*/read", + "Microsoft.AgFoodPlatform/*/search/action", + "Microsoft.AgFoodPlatform/*/download/action", + "Microsoft.AgFoodPlatform/*/overlap/action", + "Microsoft.AgFoodPlatform/*/checkConsent/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-09-14T10:21:08.9138820Z", + "updatedOn": "2022-12-13T18:12:05.0978624Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7ec7ccdc-f61e-41fe-9aaf-980df0a44eba", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7ec7ccdc-f61e-41fe-9aaf-980df0a44eba" + }, + { + "properties": { + "roleName": "AgFood Platform Service Contributor", + "type": "BuiltInRole", + "description": "Provides contribute access to AgFood Platform Service", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AgFoodPlatform/*/action", + "Microsoft.AgFoodPlatform/*/read", + "Microsoft.AgFoodPlatform/*/write" + ], + "notDataActions": [ + "Microsoft.AgFoodPlatform/farmBeats/farmers/write", + "Microsoft.AgFoodPlatform/farmBeats/deletionJobs/*/write", + "Microsoft.AgFoodPlatform/farmBeats/parties/write" + ] + } + ], + "createdOn": "2020-09-14T10:21:09.7239169Z", + "updatedOn": "2023-01-24T16:29:47.1058325Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8508508a-4469-4e45-963b-2518ee0bb728", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8508508a-4469-4e45-963b-2518ee0bb728" + }, + { + "properties": { + "roleName": "AgFood Platform Service Admin", + "type": "BuiltInRole", + "description": "Provides admin access to AgFood Platform Service", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AgFoodPlatform/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-09-14T10:21:09.8039209Z", + "updatedOn": "2021-11-11T20:14:45.3613128Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f8da80de-1ff9-4747-ad80-a19b7f6079e3", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f8da80de-1ff9-4747-ad80-a19b7f6079e3" + }, + { + "properties": { + "roleName": "Managed HSM contributor", + "type": "BuiltInRole", + "description": "Lets you manage managed HSM pools, but not access to them.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.KeyVault/managedHSMs/*", + "Microsoft.KeyVault/deletedManagedHsms/read", + "Microsoft.KeyVault/locations/deletedManagedHsms/read", + "Microsoft.KeyVault/locations/deletedManagedHsms/purge/action", + "Microsoft.KeyVault/locations/managedHsmOperationResults/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-09-16T21:47:01.1291104Z", + "updatedOn": "2022-03-08T02:37:43.9379644Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/18500a29-7fe2-46b2-a342-b16a415e101d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "18500a29-7fe2-46b2-a342-b16a415e101d" + }, + { + "properties": { + "roleName": "Security Detonation Chamber Submitter", + "type": "BuiltInRole", + "description": "Allowed to create submissions to Security Detonation Chamber", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.SecurityDetonation/chambers/submissions/delete", + "Microsoft.SecurityDetonation/chambers/submissions/write", + "Microsoft.SecurityDetonation/chambers/submissions/read", + "Microsoft.SecurityDetonation/chambers/submissions/files/read", + "Microsoft.SecurityDetonation/chambers/submissions/accesskeyview/read", + "Microsoft.SecurityDetonation/chambers/platforms/metadata/read", + "Microsoft.SecurityDetonation/chambers/workflows/metadata/read", + "Microsoft.SecurityDetonation/chambers/toolsets/metadata/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-10-01T08:55:21.3980274Z", + "updatedOn": "2021-11-11T20:14:47.5471350Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0b555d9b-b4a7-4f43-b330-627f0e5be8f0", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0b555d9b-b4a7-4f43-b330-627f0e5be8f0" + }, + { + "properties": { + "roleName": "SignalR REST API Reader", + "type": "BuiltInRole", + "description": "Read-only access to Azure SignalR Service REST APIs", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.SignalRService/SignalR/group/read", + "Microsoft.SignalRService/SignalR/clientConnection/read", + "Microsoft.SignalRService/SignalR/user/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-10-13T09:19:05.6463616Z", + "updatedOn": "2021-11-11T20:14:48.7902970Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ddde6b66-c0df-4114-a159-3618637b3035" + }, + { + "properties": { + "roleName": "SignalR Service Owner", + "type": "BuiltInRole", + "description": "Full access to Azure SignalR Service REST APIs", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.SignalRService/SignalR/auth/accessKey/action", + "Microsoft.SignalRService/SignalR/auth/clientToken/action", + "Microsoft.SignalRService/SignalR/hub/send/action", + "Microsoft.SignalRService/SignalR/group/send/action", + "Microsoft.SignalRService/SignalR/group/read", + "Microsoft.SignalRService/SignalR/group/write", + "Microsoft.SignalRService/SignalR/clientConnection/send/action", + "Microsoft.SignalRService/SignalR/clientConnection/read", + "Microsoft.SignalRService/SignalR/clientConnection/write", + "Microsoft.SignalRService/SignalR/serverConnection/write", + "Microsoft.SignalRService/SignalR/user/send/action", + "Microsoft.SignalRService/SignalR/user/read", + "Microsoft.SignalRService/SignalR/user/write", + "Microsoft.SignalRService/SignalR/livetrace/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-10-13T09:20:32.1501410Z", + "updatedOn": "2022-09-15T08:35:06.3883218Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7e4f1700-ea5a-4f59-8f37-079cfe29dce3" + }, + { + "properties": { + "roleName": "Reservation Purchaser", + "type": "BuiltInRole", + "description": "Lets you purchase reservations", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Capacity/catalogs/read", + "Microsoft.Capacity/register/action", + "Microsoft.Compute/register/action", + "Microsoft.Consumption/register/action", + "Microsoft.Consumption/reservationRecommendationDetails/read", + "Microsoft.Consumption/reservationRecommendations/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.SQL/register/action", + "Microsoft.Support/supporttickets/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-10-23T20:22:48.9217751Z", + "updatedOn": "2022-04-14T04:21:57.2843545Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f7b75c60-3036-4b75-91c3-6b41c27c1689", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f7b75c60-3036-4b75-91c3-6b41c27c1689" + }, + { + "properties": { + "roleName": "AzureML Metrics Writer (preview)", + "type": "BuiltInRole", + "description": "Lets you write metrics to AzureML workspace", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.MachineLearningServices/workspaces/metrics/*/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-10-27T16:55:19.5664950Z", + "updatedOn": "2021-11-11T20:14:49.8655015Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/635dd51f-9968-44d3-b7fb-6d9a6bd613ae", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "635dd51f-9968-44d3-b7fb-6d9a6bd613ae" + }, + { + "properties": { + "roleName": "Storage Account Backup Contributor", + "type": "BuiltInRole", + "description": "Lets you perform backup and restore operations using Azure Backup on the storage account.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Authorization/locks/read", + "Microsoft.Authorization/locks/write", + "Microsoft.Authorization/locks/delete", + "Microsoft.Features/features/read", + "Microsoft.Features/providers/features/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Storage/operations/read", + "Microsoft.Storage/storageAccounts/objectReplicationPolicies/delete", + "Microsoft.Storage/storageAccounts/objectReplicationPolicies/read", + "Microsoft.Storage/storageAccounts/objectReplicationPolicies/write", + "Microsoft.Storage/storageAccounts/objectReplicationPolicies/restorePointMarkers/write", + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/write", + "Microsoft.Storage/storageAccounts/blobServices/read", + "Microsoft.Storage/storageAccounts/blobServices/write", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.Storage/storageAccounts/restoreBlobRanges/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-11-02T23:32:50.4203469Z", + "updatedOn": "2022-04-20T07:52:04.6883613Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1" + }, + { + "properties": { + "roleName": "Experimentation Metric Contributor", + "type": "BuiltInRole", + "description": "Allows for creation, writes and reads to the metric set via the metrics service APIs.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Experimentation/experimentWorkspaces/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/read", + "Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/metricwrite/action", + "Microsoft.Experimentation/experimentWorkspaces/metricwrite/action", + "Microsoft.Experimentation/experimentWorkspaces/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-11-10T20:07:53.7535885Z", + "updatedOn": "2021-11-11T20:14:50.9524177Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/6188b7c9-7d01-4f99-a59f-c88b630326c0", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "6188b7c9-7d01-4f99-a59f-c88b630326c0" + }, + { + "properties": { + "roleName": "Project Babylon Data Curator", + "type": "BuiltInRole", + "description": "The Microsoft.ProjectBabylon data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ProjectBabylon/accounts/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ProjectBabylon/accounts/data/read", + "Microsoft.ProjectBabylon/accounts/data/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-11-14T02:31:33.7988825Z", + "updatedOn": "2021-11-11T20:14:51.4929515Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/9ef4ef9c-a049-46b0-82ab-dd8ac094c889", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "9ef4ef9c-a049-46b0-82ab-dd8ac094c889" + }, + { + "properties": { + "roleName": "Project Babylon Data Reader", + "type": "BuiltInRole", + "description": "The Microsoft.ProjectBabylon data reader can read catalog data objects. This role is in preview and subject to change.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ProjectBabylon/accounts/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ProjectBabylon/accounts/data/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-11-14T02:33:13.5342351Z", + "updatedOn": "2021-11-11T20:14:51.6729667Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c8d896ba-346d-4f50-bc1d-7d1c84130446", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c8d896ba-346d-4f50-bc1d-7d1c84130446" + }, + { + "properties": { + "roleName": "Project Babylon Data Source Administrator", + "type": "BuiltInRole", + "description": "The Microsoft.ProjectBabylon data source administrator can manage data sources and data scans. This role is in preview and subject to change.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ProjectBabylon/accounts/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ProjectBabylon/accounts/scan/read", + "Microsoft.ProjectBabylon/accounts/scan/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-11-14T02:34:01.8401954Z", + "updatedOn": "2021-11-11T20:14:51.8529643Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/05b7651b-dc44-475e-b74d-df3db49fae0f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "05b7651b-dc44-475e-b74d-df3db49fae0f" + }, + { + "properties": { + "roleName": "Application Group Contributor", + "type": "BuiltInRole", + "description": "Contributor of the Application Group.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DesktopVirtualization/applicationgroups/*", + "Microsoft.DesktopVirtualization/hostpools/read", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/read", + "Microsoft.DesktopVirtualization/workspaces/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-03T23:26:00.2784962Z", + "updatedOn": "2021-11-11T20:14:52.9432015Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ca6382a4-1721-4bcf-a114-ff0c70227b6b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ca6382a4-1721-4bcf-a114-ff0c70227b6b" + }, + { + "properties": { + "roleName": "Desktop Virtualization Reader", + "type": "BuiltInRole", + "description": "Reader of Desktop Virtualization.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DesktopVirtualization/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-11T21:36:19.0140629Z", + "updatedOn": "2021-11-11T20:14:54.0407838Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/49a72310-ab8d-41df-bbb0-79b649203868", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "49a72310-ab8d-41df-bbb0-79b649203868" + }, + { + "properties": { + "roleName": "Desktop Virtualization Contributor", + "type": "BuiltInRole", + "description": "Contributor of Desktop Virtualization.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DesktopVirtualization/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-11T21:37:16.2910337Z", + "updatedOn": "2021-11-11T20:14:54.2107872Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/082f0a83-3be5-4ba1-904c-961cca79b387", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "082f0a83-3be5-4ba1-904c-961cca79b387" + }, + { + "properties": { + "roleName": "Desktop Virtualization Workspace Contributor", + "type": "BuiltInRole", + "description": "Contributor of the Desktop Virtualization Workspace.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DesktopVirtualization/workspaces/*", + "Microsoft.DesktopVirtualization/applicationgroups/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-11T21:38:29.6089216Z", + "updatedOn": "2021-11-11T20:14:54.3907854Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/21efdde3-836f-432b-bf3d-3e8e734d4b2b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "21efdde3-836f-432b-bf3d-3e8e734d4b2b" + }, + { + "properties": { + "roleName": "Desktop Virtualization User Session Operator", + "type": "BuiltInRole", + "description": "Operator of the Desktop Virtualization Uesr Session.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DesktopVirtualization/hostpools/read", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/read", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-11T21:39:16.9100273Z", + "updatedOn": "2021-11-11T20:14:54.5657970Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6" + }, + { + "properties": { + "roleName": "Desktop Virtualization Session Host Operator", + "type": "BuiltInRole", + "description": "Operator of the Desktop Virtualization Session Host.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DesktopVirtualization/hostpools/read", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-11T21:39:53.2569741Z", + "updatedOn": "2021-11-11T20:14:54.7508042Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/2ad6aaab-ead9-4eaa-8ac5-da422f562408", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "2ad6aaab-ead9-4eaa-8ac5-da422f562408" + }, + { + "properties": { + "roleName": "Desktop Virtualization Host Pool Reader", + "type": "BuiltInRole", + "description": "Reader of the Desktop Virtualization Host Pool.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DesktopVirtualization/hostpools/*/read", + "Microsoft.DesktopVirtualization/hostpools/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-11T21:40:33.1430834Z", + "updatedOn": "2021-11-11T20:14:54.9257967Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ceadfde2-b300-400a-ab7b-6143895aa822", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ceadfde2-b300-400a-ab7b-6143895aa822" + }, + { + "properties": { + "roleName": "Desktop Virtualization Host Pool Contributor", + "type": "BuiltInRole", + "description": "Contributor of the Desktop Virtualization Host Pool.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DesktopVirtualization/hostpools/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-11T21:40:57.2976187Z", + "updatedOn": "2021-11-11T20:14:55.1057701Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e307426c-f9b6-4e81-87de-d99efb3c32bc", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e307426c-f9b6-4e81-87de-d99efb3c32bc" + }, + { + "properties": { + "roleName": "Desktop Virtualization Application Group Reader", + "type": "BuiltInRole", + "description": "Reader of the Desktop Virtualization Application Group.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DesktopVirtualization/applicationgroups/*/read", + "Microsoft.DesktopVirtualization/applicationgroups/read", + "Microsoft.DesktopVirtualization/hostpools/read", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-11T21:41:18.0287398Z", + "updatedOn": "2021-11-11T20:14:55.2858006Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/aebf23d0-b568-4e86-b8f9-fe83a2c6ab55", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "aebf23d0-b568-4e86-b8f9-fe83a2c6ab55" + }, + { + "properties": { + "roleName": "Desktop Virtualization Application Group Contributor", + "type": "BuiltInRole", + "description": "Contributor of the Desktop Virtualization Application Group.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DesktopVirtualization/applicationgroups/*", + "Microsoft.DesktopVirtualization/hostpools/read", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-11T21:41:38.6205531Z", + "updatedOn": "2021-11-11T20:14:55.4677136Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/86240b0e-9422-4c43-887b-b61143f32ba8", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "86240b0e-9422-4c43-887b-b61143f32ba8" + }, + { + "properties": { + "roleName": "Desktop Virtualization Workspace Reader", + "type": "BuiltInRole", + "description": "Reader of the Desktop Virtualization Workspace.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DesktopVirtualization/workspaces/read", + "Microsoft.DesktopVirtualization/applicationgroups/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-11T21:41:58.1892707Z", + "updatedOn": "2021-11-11T20:14:55.6577168Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0fa44ee9-7a7d-466b-9bb2-2bf446b1204d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0fa44ee9-7a7d-466b-9bb2-2bf446b1204d" + }, + { + "properties": { + "roleName": "Disk Backup Reader", + "type": "BuiltInRole", + "description": "Provides permission to backup vault to perform disk backup.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Compute/disks/read", + "Microsoft.Compute/disks/beginGetAccess/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-15T07:39:03.8394514Z", + "updatedOn": "2021-11-11T20:14:56.0178737Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/3e5e47e6-65f7-47ef-90b5-e5dd4d455f24", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "3e5e47e6-65f7-47ef-90b5-e5dd4d455f24" + }, + { + "properties": { + "roleName": "Disk Restore Operator", + "type": "BuiltInRole", + "description": "Provides permission to backup vault to perform disk restore.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Compute/disks/write", + "Microsoft.Compute/disks/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-15T12:18:31.8481619Z", + "updatedOn": "2021-11-11T20:14:56.7408912Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b50d9833-a0cb-478e-945f-707fcc997c13", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b50d9833-a0cb-478e-945f-707fcc997c13" + }, + { + "properties": { + "roleName": "Disk Snapshot Contributor", + "type": "BuiltInRole", + "description": "Provides permission to backup vault to manage disk snapshots.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Compute/snapshots/delete", + "Microsoft.Compute/snapshots/write", + "Microsoft.Compute/snapshots/read", + "Microsoft.Compute/snapshots/beginGetAccess/action", + "Microsoft.Compute/snapshots/endGetAccess/action", + "Microsoft.Compute/disks/beginGetAccess/action", + "Microsoft.Storage/storageAccounts/listkeys/action", + "Microsoft.Storage/storageAccounts/write", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.Storage/storageAccounts/delete" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-12-15T12:18:51.4471411Z", + "updatedOn": "2021-11-11T20:14:56.9158814Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7efff54f-a5b4-42b5-a1c5-5411624893ce", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7efff54f-a5b4-42b5-a1c5-5411624893ce" + }, + { + "properties": { + "roleName": "Microsoft.Kubernetes connected cluster role", + "type": "BuiltInRole", + "description": "Microsoft.Kubernetes connected cluster role.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Kubernetes/connectedClusters/read", + "Microsoft.Kubernetes/connectedClusters/write", + "Microsoft.Kubernetes/connectedClusters/delete", + "Microsoft.Kubernetes/registeredSubscriptions/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-01-07T23:57:10.9923232Z", + "updatedOn": "2021-11-11T20:14:58.2039838Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5548b2cf-c94c-4228-90ba-30851930a12f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5548b2cf-c94c-4228-90ba-30851930a12f" + }, + { + "properties": { + "roleName": "Security Detonation Chamber Submission Manager", + "type": "BuiltInRole", + "description": "Allowed to create and manage submissions to Security Detonation Chamber", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.SecurityDetonation/chambers/submissions/delete", + "Microsoft.SecurityDetonation/chambers/submissions/write", + "Microsoft.SecurityDetonation/chambers/submissions/read", + "Microsoft.SecurityDetonation/chambers/submissions/files/read", + "Microsoft.SecurityDetonation/chambers/submissions/accesskeyview/read", + "Microsoft.SecurityDetonation/chambers/submissions/adminview/read", + "Microsoft.SecurityDetonation/chambers/submissions/analystview/read", + "Microsoft.SecurityDetonation/chambers/submissions/publicview/read", + "Microsoft.SecurityDetonation/chambers/platforms/metadata/read", + "Microsoft.SecurityDetonation/chambers/workflows/metadata/read", + "Microsoft.SecurityDetonation/chambers/toolsets/metadata/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-01-18T09:35:36.5739297Z", + "updatedOn": "2021-11-11T20:14:58.3939604Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a37b566d-3efa-4beb-a2f2-698963fa42ce", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a37b566d-3efa-4beb-a2f2-698963fa42ce" + }, + { + "properties": { + "roleName": "Security Detonation Chamber Publisher", + "type": "BuiltInRole", + "description": "Allowed to publish and modify platforms, workflows and toolsets to Security Detonation Chamber", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.SecurityDetonation/chambers/platforms/read", + "Microsoft.SecurityDetonation/chambers/platforms/write", + "Microsoft.SecurityDetonation/chambers/platforms/delete", + "Microsoft.SecurityDetonation/chambers/platforms/metadata/read", + "Microsoft.SecurityDetonation/chambers/workflows/read", + "Microsoft.SecurityDetonation/chambers/workflows/write", + "Microsoft.SecurityDetonation/chambers/workflows/delete", + "Microsoft.SecurityDetonation/chambers/workflows/metadata/read", + "Microsoft.SecurityDetonation/chambers/toolsets/read", + "Microsoft.SecurityDetonation/chambers/toolsets/write", + "Microsoft.SecurityDetonation/chambers/toolsets/delete", + "Microsoft.SecurityDetonation/chambers/toolsets/metadata/read", + "Microsoft.SecurityDetonation/chambers/publishRequests/read", + "Microsoft.SecurityDetonation/chambers/publishRequests/cancel/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-01-18T11:43:14.0858184Z", + "updatedOn": "2021-11-11T20:14:58.5639749Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/352470b3-6a9c-4686-b503-35deb827e500", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "352470b3-6a9c-4686-b503-35deb827e500" + }, + { + "properties": { + "roleName": "Collaborative Runtime Operator", + "type": "BuiltInRole", + "description": "Can manage resources created by AICS at runtime", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.IndustryDataLifecycle/derivedModels/*", + "Microsoft.IndustryDataLifecycle/pipelineSets/*", + "Microsoft.IndustryDataLifecycle/modelMappings/*", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-01-19T10:00:27.3464971Z", + "updatedOn": "2021-11-11T20:14:58.7442136Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7a6f0e70-c033-4fb1-828c-08514e5f4102", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7a6f0e70-c033-4fb1-828c-08514e5f4102" + }, + { + "properties": { + "roleName": "CosmosRestoreOperator", + "type": "BuiltInRole", + "description": "Can perform restore action for Cosmos DB database account with continuous backup mode", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action", + "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/read", + "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-01-21T19:51:35.3884884Z", + "updatedOn": "2021-11-11T20:14:59.4892686Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5432c526-bc82-444a-b7ba-57c5b0b5b34f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5432c526-bc82-444a-b7ba-57c5b0b5b34f" + }, + { + "properties": { + "roleName": "FHIR Data Converter", + "type": "BuiltInRole", + "description": "Role allows user or principal to convert data from legacy format to FHIR", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.HealthcareApis/services/fhir/resources/convertData/action", + "Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-01-22T19:39:01.1601069Z", + "updatedOn": "2021-11-11T20:14:59.8605937Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a1705bd2-3a8f-45a5-8683-466fcfd5cc24" + }, + { + "properties": { + "roleName": "Quota Request Operator", + "type": "BuiltInRole", + "description": "Read and create quota requests, get quota request status, and create support tickets.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Capacity/resourceProviders/locations/serviceLimits/read", + "Microsoft.Capacity/resourceProviders/locations/serviceLimits/write", + "Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read", + "Microsoft.Capacity/register/action", + "Microsoft.Quota/usages/read", + "Microsoft.Quota/quotas/read", + "Microsoft.Quota/quotas/write", + "Microsoft.Quota/quotaRequests/read", + "Microsoft.Quota/register/action", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-02-03T00:06:35.8404575Z", + "updatedOn": "2022-12-07T23:49:01.9455627Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0e5f05e5-9ab9-446b-b98d-1e2157c94125", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0e5f05e5-9ab9-446b-b98d-1e2157c94125" + }, + { + "properties": { + "roleName": "EventGrid Contributor", + "type": "BuiltInRole", + "description": "Lets you manage EventGrid operations.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.EventGrid/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-02-08T18:46:18.8999557Z", + "updatedOn": "2021-11-11T20:15:01.6867802Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "1e241071-0855-49ea-94dc-649edcd759de" + }, + { + "properties": { + "roleName": "Security Detonation Chamber Reader", + "type": "BuiltInRole", + "description": "Allowed to query submission info and files from Security Detonation Chamber", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.SecurityDetonation/chambers/submissions/read", + "Microsoft.SecurityDetonation/chambers/submissions/files/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-03-01T14:06:46.2814905Z", + "updatedOn": "2021-11-11T20:15:03.3274090Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/28241645-39f8-410b-ad48-87863e2951d5", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "28241645-39f8-410b-ad48-87863e2951d5" + }, + { + "properties": { + "roleName": "Object Anchors Account Reader", + "type": "BuiltInRole", + "description": "Lets you read ingestion jobs for an object anchors account.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.MixedReality/ObjectAnchorsAccounts/ingest/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-03-02T01:20:47.0279813Z", + "updatedOn": "2021-11-11T20:15:03.5006082Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4a167cdf-cb95-4554-9203-2347fe489bd9", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4a167cdf-cb95-4554-9203-2347fe489bd9" + }, + { + "properties": { + "roleName": "Object Anchors Account Owner", + "type": "BuiltInRole", + "description": "Provides user with ingestion capabilities for an object anchors account.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.MixedReality/ObjectAnchorsAccounts/ingest/action", + "Microsoft.MixedReality/ObjectAnchorsAccounts/ingest/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-03-02T01:42:02.0014737Z", + "updatedOn": "2021-11-11T20:15:03.6855873Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ca0835dd-bacc-42dd-8ed2-ed5e7230d15b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ca0835dd-bacc-42dd-8ed2-ed5e7230d15b" + }, + { + "properties": { + "roleName": "WorkloadBuilder Migration Agent Role", + "type": "BuiltInRole", + "description": "WorkloadBuilder Migration Agent Role.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.WorkloadBuilder/migrationAgents/Read", + "Microsoft.WorkloadBuilder/migrationAgents/Write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-03-11T17:07:20.0828003Z", + "updatedOn": "2021-11-11T20:15:04.2456706Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d17ce0a2-0697-43bc-aac5-9113337ab61c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d17ce0a2-0697-43bc-aac5-9113337ab61c" + }, + { + "properties": { + "roleName": "Azure Spring Cloud Data Reader", + "type": "BuiltInRole", + "description": "Allow read access to Azure Spring Cloud Data", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AppPlatform/Spring/*/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-03-25T11:12:12.6786010Z", + "updatedOn": "2021-11-11T20:15:05.3368606Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b5537268-8956-4941-a8f0-646150406f0c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b5537268-8956-4941-a8f0-646150406f0c" + }, + { + "properties": { + "roleName": "Cognitive Services Speech Contributor", + "type": "BuiltInRole", + "description": "Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/SpeechServices/*", + "Microsoft.CognitiveServices/accounts/CustomVoice/*", + "Microsoft.CognitiveServices/accounts/AudioContentCreation/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-03-30T11:28:49.7826633Z", + "updatedOn": "2022-05-23T19:12:17.2452043Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0e75ca1e-0464-4b4d-8b93-68208a576181", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0e75ca1e-0464-4b4d-8b93-68208a576181" + }, + { + "properties": { + "roleName": "Cognitive Services Face Recognizer", + "type": "BuiltInRole", + "description": "Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following \u0027least privilege\u0027 best practices.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/Face/detect/action", + "Microsoft.CognitiveServices/accounts/Face/verify/action", + "Microsoft.CognitiveServices/accounts/Face/identify/action", + "Microsoft.CognitiveServices/accounts/Face/group/action", + "Microsoft.CognitiveServices/accounts/Face/findsimilars/action", + "Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action", + "Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action", + "Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-03-31T01:51:41.3557295Z", + "updatedOn": "2023-03-23T22:20:10.2843613Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/9894cab4-e18a-44aa-828b-cb588cd6f2d7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "9894cab4-e18a-44aa-828b-cb588cd6f2d7" + }, + { + "properties": { + "roleName": "Media Services Account Administrator", + "type": "BuiltInRole", + "description": "Create, read, modify, and delete Media Services accounts; read-only access to other Media Services resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/metrics/read", + "Microsoft.Insights/metricDefinitions/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Media/mediaservices/*/read", + "Microsoft.Media/mediaservices/assets/listStreamingLocators/action", + "Microsoft.Media/mediaservices/streamingLocators/listPaths/action", + "Microsoft.Media/mediaservices/write", + "Microsoft.Media/mediaservices/delete", + "Microsoft.Media/mediaservices/privateEndpointConnectionsApproval/action", + "Microsoft.Media/mediaservices/privateEndpointConnections/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-04-19T23:20:32.2956636Z", + "updatedOn": "2021-11-11T20:15:07.1518844Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/054126f8-9a2b-4f1c-a9ad-eca461f08466", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "054126f8-9a2b-4f1c-a9ad-eca461f08466" + }, + { + "properties": { + "roleName": "Media Services Live Events Administrator", + "type": "BuiltInRole", + "description": "Create, read, modify, and delete Live Events, Assets, Asset Filters, and Streaming Locators; read-only access to other Media Services resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/metrics/read", + "Microsoft.Insights/metricDefinitions/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Media/mediaservices/*/read", + "Microsoft.Media/mediaservices/assets/*", + "Microsoft.Media/mediaservices/assets/assetfilters/*", + "Microsoft.Media/mediaservices/streamingLocators/*", + "Microsoft.Media/mediaservices/liveEvents/*" + ], + "notActions": [ + "Microsoft.Media/mediaservices/assets/getEncryptionKey/action", + "Microsoft.Media/mediaservices/streamingLocators/listContentKeys/action" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-04-19T23:21:00.6119555Z", + "updatedOn": "2021-11-11T20:15:07.3318873Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/532bc159-b25e-42c0-969e-a1d439f60d77", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "532bc159-b25e-42c0-969e-a1d439f60d77" + }, + { + "properties": { + "roleName": "Media Services Media Operator", + "type": "BuiltInRole", + "description": "Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and Jobs; read-only access to other Media Services resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/metrics/read", + "Microsoft.Insights/metricDefinitions/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Media/mediaservices/*/read", + "Microsoft.Media/mediaservices/assets/*", + "Microsoft.Media/mediaservices/assets/assetfilters/*", + "Microsoft.Media/mediaservices/streamingLocators/*", + "Microsoft.Media/mediaservices/transforms/jobs/*" + ], + "notActions": [ + "Microsoft.Media/mediaservices/assets/getEncryptionKey/action", + "Microsoft.Media/mediaservices/streamingLocators/listContentKeys/action" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-04-19T23:21:23.2236495Z", + "updatedOn": "2021-11-11T20:15:07.5068487Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e4395492-1534-4db2-bedf-88c14621589c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e4395492-1534-4db2-bedf-88c14621589c" + }, + { + "properties": { + "roleName": "Media Services Policy Administrator", + "type": "BuiltInRole", + "description": "Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies, and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets or Streaming resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/metrics/read", + "Microsoft.Insights/metricDefinitions/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Media/mediaservices/*/read", + "Microsoft.Media/mediaservices/assets/listStreamingLocators/action", + "Microsoft.Media/mediaservices/streamingLocators/listPaths/action", + "Microsoft.Media/mediaservices/accountFilters/*", + "Microsoft.Media/mediaservices/streamingPolicies/*", + "Microsoft.Media/mediaservices/contentKeyPolicies/*", + "Microsoft.Media/mediaservices/transforms/*" + ], + "notActions": [ + "Microsoft.Media/mediaservices/contentKeyPolicies/getPolicyPropertiesWithSecrets/action" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-04-19T23:21:46.9534330Z", + "updatedOn": "2021-11-11T20:15:07.6968496Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c4bba371-dacd-4a26-b320-7250bca963ae", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c4bba371-dacd-4a26-b320-7250bca963ae" + }, + { + "properties": { + "roleName": "Media Services Streaming Endpoints Administrator", + "type": "BuiltInRole", + "description": "Create, read, modify, and delete Streaming Endpoints; read-only access to other Media Services resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/metrics/read", + "Microsoft.Insights/metricDefinitions/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Media/mediaservices/*/read", + "Microsoft.Media/mediaservices/assets/listStreamingLocators/action", + "Microsoft.Media/mediaservices/streamingLocators/listPaths/action", + "Microsoft.Media/mediaservices/streamingEndpoints/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-04-19T23:22:04.4594851Z", + "updatedOn": "2021-11-11T20:15:07.8718907Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/99dba123-b5fe-44d5-874c-ced7199a5804", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "99dba123-b5fe-44d5-874c-ced7199a5804" + }, + { + "properties": { + "roleName": "Stream Analytics Query Tester", + "type": "BuiltInRole", + "description": "Lets you perform query testing without creating a stream analytics job first", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.StreamAnalytics/locations/TestQuery/action", + "Microsoft.StreamAnalytics/locations/OperationResults/read", + "Microsoft.StreamAnalytics/locations/SampleInput/action", + "Microsoft.StreamAnalytics/locations/CompileQuery/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-04-20T17:33:24.5727870Z", + "updatedOn": "2021-11-11T20:15:08.0481551Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf" + }, + { + "properties": { + "roleName": "AnyBuild Builder", + "type": "BuiltInRole", + "description": "Basic user role for AnyBuild. This role allows listing of agent information and execution of remote build capabilities.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AnyBuild/clusters/build/write", + "Microsoft.AnyBuild/clusters/build/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-04-20T22:07:00.4963853Z", + "updatedOn": "2021-11-11T20:15:08.4254134Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a2138dac-4907-4679-a376-736901ed8ad8", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a2138dac-4907-4679-a376-736901ed8ad8" + }, + { + "properties": { + "roleName": "IoT Hub Data Reader", + "type": "BuiltInRole", + "description": "Allows for full read access to IoT Hub data-plane properties", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Devices/IotHubs/*/read", + "Microsoft.Devices/IotHubs/fileUpload/notifications/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-04-22T18:03:29.8843192Z", + "updatedOn": "2021-11-11T20:15:08.6054154Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b447c946-2db7-41ec-983d-d8bf3b1c77e3", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b447c946-2db7-41ec-983d-d8bf3b1c77e3" + }, + { + "properties": { + "roleName": "IoT Hub Twin Contributor", + "type": "BuiltInRole", + "description": "Allows for read and write access to all IoT Hub device and module twins.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Devices/IotHubs/twins/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-04-22T20:36:10.1136903Z", + "updatedOn": "2021-11-11T20:15:08.7855063Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/494bdba2-168f-4f31-a0a1-191d2f7c028c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "494bdba2-168f-4f31-a0a1-191d2f7c028c" + }, + { + "properties": { + "roleName": "IoT Hub Registry Contributor", + "type": "BuiltInRole", + "description": "Allows for full access to IoT Hub device registry.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Devices/IotHubs/devices/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-04-22T20:36:47.5532704Z", + "updatedOn": "2021-11-11T20:15:08.9804295Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4ea46cd5-c1b2-4a8e-910b-273211f9ce47", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4ea46cd5-c1b2-4a8e-910b-273211f9ce47" + }, + { + "properties": { + "roleName": "IoT Hub Data Contributor", + "type": "BuiltInRole", + "description": "Allows for full access to IoT Hub data plane operations.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Devices/IotHubs/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-04-22T20:37:16.9927761Z", + "updatedOn": "2021-11-11T20:15:09.1754206Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4fc6c259-987e-4a07-842e-c321cc9d413f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4fc6c259-987e-4a07-842e-c321cc9d413f" + }, + { + "properties": { + "roleName": "Test Base Reader", + "type": "BuiltInRole", + "description": "Let you view and download packages and test results.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.TestBase/testBaseAccounts/packages/testResults/getDownloadUrl/action", + "Microsoft.TestBase/testBaseAccounts/packages/testResults/getVideoDownloadUrl/action", + "Microsoft.TestBase/testBaseAccounts/packages/getDownloadUrl/action", + "Microsoft.TestBase/*/read", + "Microsoft.TestBase/testBaseAccounts/customerEvents/write", + "Microsoft.TestBase/testBaseAccounts/customerEvents/delete" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-05-11T23:41:33.1038367Z", + "updatedOn": "2021-11-11T20:15:10.8004347Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/15e0f5a1-3450-4248-8e25-e2afe88a9e85", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "15e0f5a1-3450-4248-8e25-e2afe88a9e85" + }, + { + "properties": { + "roleName": "Search Index Data Reader", + "type": "BuiltInRole", + "description": "Grants read access to Azure Cognitive Search index data.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Search/searchServices/indexes/documents/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-06-01T20:26:13.4850461Z", + "updatedOn": "2021-11-11T20:15:11.3604371Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "1407120a-92aa-4202-b7e9-c0e197c71c8f" + }, + { + "properties": { + "roleName": "Search Index Data Contributor", + "type": "BuiltInRole", + "description": "Grants full access to Azure Cognitive Search index data.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Search/searchServices/indexes/documents/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-06-01T22:15:16.5388472Z", + "updatedOn": "2021-11-11T20:15:11.5504385Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8ebe5a00-799e-43f5-93ac-243d3dce84a7" + }, + { + "properties": { + "roleName": "Storage Table Data Reader", + "type": "BuiltInRole", + "description": "Allows for read access to Azure Storage tables and entities", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/tableServices/tables/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/tableServices/tables/entities/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-06-15T06:40:54.9150717Z", + "updatedOn": "2021-11-11T20:15:12.1005298Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/76199698-9eea-4c19-bc75-cec21354c6b6", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "76199698-9eea-4c19-bc75-cec21354c6b6" + }, + { + "properties": { + "roleName": "Storage Table Data Contributor", + "type": "BuiltInRole", + "description": "Allows for read, write and delete access to Azure Storage tables and entities", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/tableServices/tables/read", + "Microsoft.Storage/storageAccounts/tableServices/tables/write", + "Microsoft.Storage/storageAccounts/tableServices/tables/delete" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/tableServices/tables/entities/read", + "Microsoft.Storage/storageAccounts/tableServices/tables/entities/write", + "Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete", + "Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action", + "Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-06-15T06:51:59.8207610Z", + "updatedOn": "2021-11-11T20:15:12.2854966Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3" + }, + { + "properties": { + "roleName": "DICOM Data Reader", + "type": "BuiltInRole", + "description": "Read and search DICOM data.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.HealthcareApis/workspaces/dicomservices/resources/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-06-17T20:58:30.1630494Z", + "updatedOn": "2021-11-11T20:15:13.0154948Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a" + }, + { + "properties": { + "roleName": "DICOM Data Owner", + "type": "BuiltInRole", + "description": "Full access to DICOM data.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.HealthcareApis/workspaces/dicomservices/resources/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-06-17T20:59:30.8659515Z", + "updatedOn": "2021-11-11T20:15:13.1904985Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/58a3b984-7adf-4c20-983a-32417c86fbc8", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "58a3b984-7adf-4c20-983a-32417c86fbc8" + }, + { + "properties": { + "roleName": "EventGrid Data Sender", + "type": "BuiltInRole", + "description": "Allows send access to event grid events.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.EventGrid/topics/read", + "Microsoft.EventGrid/domains/read", + "Microsoft.EventGrid/partnerNamespaces/read", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.EventGrid/events/send/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-07-02T21:55:40.4847495Z", + "updatedOn": "2021-11-11T20:15:13.5605134Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d5a91429-5739-47e2-a06b-3470a27159e7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d5a91429-5739-47e2-a06b-3470a27159e7" + }, + { + "properties": { + "roleName": "Disk Pool Operator", + "type": "BuiltInRole", + "description": "Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Compute/disks/write", + "Microsoft.Compute/disks/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-07-08T17:26:05.1079972Z", + "updatedOn": "2021-11-11T20:15:13.9154612Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "60fc6e62-5479-42d4-8bf4-67625fcc2840" + }, + { + "properties": { + "roleName": "AzureML Data Scientist", + "type": "BuiltInRole", + "description": "Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.MachineLearningServices/workspaces/*/read", + "Microsoft.MachineLearningServices/workspaces/*/action", + "Microsoft.MachineLearningServices/workspaces/*/delete", + "Microsoft.MachineLearningServices/workspaces/*/write", + "Microsoft.MachineLearningServices/featurestores/read", + "Microsoft.MachineLearningServices/featurestores/checkNameAvailability/read" + ], + "notActions": [ + "Microsoft.MachineLearningServices/workspaces/delete", + "Microsoft.MachineLearningServices/workspaces/write", + "Microsoft.MachineLearningServices/workspaces/computes/*/write", + "Microsoft.MachineLearningServices/workspaces/computes/*/delete", + "Microsoft.MachineLearningServices/workspaces/computes/listKeys/action", + "Microsoft.MachineLearningServices/workspaces/listKeys/action" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-07-14T21:51:06.0361218Z", + "updatedOn": "2023-03-14T15:28:19.3614218Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f6c7c914-8db3-469d-8ca1-694a8f32e121", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f6c7c914-8db3-469d-8ca1-694a8f32e121" + }, + { + "properties": { + "roleName": "Grafana Admin", + "type": "BuiltInRole", + "description": "Built-in Grafana admin role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-07-15T21:32:35.3802340Z", + "updatedOn": "2021-11-11T20:15:14.8104670Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/22926164-76b3-42b3-bc55-97df8dab3e41", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "22926164-76b3-42b3-bc55-97df8dab3e41" + }, + { + "properties": { + "roleName": "Azure Connected SQL Server Onboarding", + "type": "BuiltInRole", + "description": "Microsoft.AzureArcData\u00A0service\u00A0role\u00A0to\u00A0access\u00A0the\u00A0resources\u00A0of\u00A0Microsoft.AzureArcData\u00A0stored\u00A0with\u00A0RPSAAS.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.AzureArcData/sqlServerInstances/read", + "Microsoft.AzureArcData/sqlServerInstances/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-07-19T23:52:15.8885739Z", + "updatedOn": "2021-11-11T20:15:15.1754742Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e8113dce-c529-4d33-91fa-e9b972617508", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e8113dce-c529-4d33-91fa-e9b972617508" + }, + { + "properties": { + "roleName": "Azure Relay Sender", + "type": "BuiltInRole", + "description": "Allows for send access to Azure Relay resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Relay/*/wcfRelays/read", + "Microsoft.Relay/*/hybridConnections/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Relay/*/send/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-07-20T15:37:20.7558643Z", + "updatedOn": "2021-11-11T20:15:15.5454755Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/26baccc8-eea7-41f1-98f4-1762cc7f685d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "26baccc8-eea7-41f1-98f4-1762cc7f685d" + }, + { + "properties": { + "roleName": "Azure Relay Owner", + "type": "BuiltInRole", + "description": "Allows for full access to Azure Relay resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Relay/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Relay/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-07-20T15:44:26.3023126Z", + "updatedOn": "2021-11-11T20:15:15.7154782Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/2787bf04-f1f5-4bfe-8383-c8a24483ee38", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "2787bf04-f1f5-4bfe-8383-c8a24483ee38" + }, + { + "properties": { + "roleName": "Azure Relay Listener", + "type": "BuiltInRole", + "description": "Allows for listen access to Azure Relay resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Relay/*/wcfRelays/read", + "Microsoft.Relay/*/hybridConnections/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Relay/*/listen/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-07-20T18:38:03.1437496Z", + "updatedOn": "2021-11-11T20:15:15.9005232Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/26e0b698-aa6d-4085-9386-aadae190014d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "26e0b698-aa6d-4085-9386-aadae190014d" + }, + { + "properties": { + "roleName": "Grafana Viewer", + "type": "BuiltInRole", + "description": "Built-in Grafana Viewer role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-08-05T16:36:18.7737511Z", + "updatedOn": "2021-11-11T20:15:16.9904932Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/60921a7e-fef1-4a43-9b16-a26c52ad4769", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "60921a7e-fef1-4a43-9b16-a26c52ad4769" + }, + { + "properties": { + "roleName": "Grafana Editor", + "type": "BuiltInRole", + "description": "Built-in Grafana Editor role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-08-05T16:37:32.5299593Z", + "updatedOn": "2021-11-11T20:15:17.1805426Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a79a5197-3a5c-4973-a920-486035ffd60f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a79a5197-3a5c-4973-a920-486035ffd60f" + }, + { + "properties": { + "roleName": "Automation Contributor", + "type": "BuiltInRole", + "description": "Manage azure automation resources and other resources using azure automation.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Automation/automationAccounts/*", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Insights/ActionGroups/*", + "Microsoft.Insights/ActivityLogAlerts/*", + "Microsoft.Insights/MetricAlerts/*", + "Microsoft.Insights/ScheduledQueryRules/*", + "Microsoft.Insights/diagnosticSettings/*", + "Microsoft.OperationalInsights/workspaces/sharedKeys/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-08-09T10:18:19.1054699Z", + "updatedOn": "2021-11-11T20:15:17.7304954Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f353d9bd-d4a6-484e-a77a-8050b599b867", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f353d9bd-d4a6-484e-a77a-8050b599b867" + }, + { + "properties": { + "roleName": "Kubernetes Extension Contributor", + "type": "BuiltInRole", + "description": "Can create, update, get, list and delete Kubernetes Extensions, and get extension async operations", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.KubernetesConfiguration/extensions/write", + "Microsoft.KubernetesConfiguration/extensions/read", + "Microsoft.KubernetesConfiguration/extensions/delete", + "Microsoft.KubernetesConfiguration/extensions/operations/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-08-09T19:47:50.6828896Z", + "updatedOn": "2021-11-11T20:15:17.9155393Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/85cb6faf-e071-4c9b-8136-154b5a04f717", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "85cb6faf-e071-4c9b-8136-154b5a04f717" + }, + { + "properties": { + "roleName": "Device Provisioning Service Data Reader", + "type": "BuiltInRole", + "description": "Allows for full read access to Device Provisioning Service data-plane properties.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Devices/provisioningServices/*/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-08-09T19:53:12.1374732Z", + "updatedOn": "2021-11-11T20:15:18.0905503Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/10745317-c249-44a1-a5ce-3a4353c0bbd8", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "10745317-c249-44a1-a5ce-3a4353c0bbd8" + }, + { + "properties": { + "roleName": "Device Provisioning Service Data Contributor", + "type": "BuiltInRole", + "description": "Allows for full access to Device Provisioning Service data-plane operations.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Devices/provisioningServices/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-08-09T19:54:03.2783227Z", + "updatedOn": "2021-11-11T20:15:18.2605302Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/dfce44e4-17b7-4bd1-a6d1-04996ec95633", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "dfce44e4-17b7-4bd1-a6d1-04996ec95633" + }, + { + "properties": { + "roleName": "Code Signing Certificate Profile Signer", + "type": "BuiltInRole", + "description": "Sign files with a certificate profile. This role is in preview and subject to change.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CodeSigning/*/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CodeSigning/certificateProfiles/Sign/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-08-16T23:17:53.0002693Z", + "updatedOn": "2022-12-14T18:18:59.1104270Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/2837e146-70d7-4cfd-ad55-7efa6464f958", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "2837e146-70d7-4cfd-ad55-7efa6464f958" + }, + { + "properties": { + "roleName": "Azure Spring Cloud Service Registry Reader", + "type": "BuiltInRole", + "description": "Allow read access to Azure Spring Cloud Service Registry", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AppPlatform/Spring/eurekaService/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-08-20T04:40:17.9785063Z", + "updatedOn": "2021-11-11T20:15:18.9655101Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/cff1b556-2399-4e7e-856d-a8f754be7b65", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "cff1b556-2399-4e7e-856d-a8f754be7b65" + }, + { + "properties": { + "roleName": "Azure Spring Cloud Service Registry Contributor", + "type": "BuiltInRole", + "description": "Allow read, write and delete access to Azure Spring Cloud Service Registry", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AppPlatform/Spring/eurekaService/read", + "Microsoft.AppPlatform/Spring/eurekaService/write", + "Microsoft.AppPlatform/Spring/eurekaService/delete" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-08-20T04:42:38.9153779Z", + "updatedOn": "2021-11-11T20:15:19.1405497Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f5880b48-c26d-48be-b172-7927bfa1c8f1", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f5880b48-c26d-48be-b172-7927bfa1c8f1" + }, + { + "properties": { + "roleName": "Azure Spring Cloud Config Server Reader", + "type": "BuiltInRole", + "description": "Allow read access to Azure Spring Cloud Config Server", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AppPlatform/Spring/configService/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-08-26T01:50:51.5123701Z", + "updatedOn": "2021-11-11T20:15:19.3155517Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d04c6db6-4947-4782-9e91-30a88feb7be7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d04c6db6-4947-4782-9e91-30a88feb7be7" + }, + { + "properties": { + "roleName": "Azure Spring Cloud Config Server Contributor", + "type": "BuiltInRole", + "description": "Allow read, write and delete access to Azure Spring Cloud Config Server", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AppPlatform/Spring/configService/read", + "Microsoft.AppPlatform/Spring/configService/write", + "Microsoft.AppPlatform/Spring/configService/delete" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-09-06T02:30:47.8611580Z", + "updatedOn": "2021-11-11T20:15:20.0405208Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b" + }, + { + "properties": { + "roleName": "Azure VM Managed identities restore Contributor", + "type": "BuiltInRole", + "description": "Azure VM Managed identities restore Contributors are allowed to perform Azure VM Restores with managed identities both user and system", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-09-13T05:27:59.2180214Z", + "updatedOn": "2021-11-11T20:15:20.5805266Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/6ae96244-5829-4925-a7d3-5975537d91dd", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "6ae96244-5829-4925-a7d3-5975537d91dd" + }, + { + "properties": { + "roleName": "Azure Maps Search and Render Data Reader", + "type": "BuiltInRole", + "description": "Grants access to very limited set of data APIs for common visual web SDK scenarios. Specifically, render and search data APIs.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Maps/accounts/services/render/read", + "Microsoft.Maps/accounts/services/search/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-10-01T22:17:50.5178931Z", + "updatedOn": "2021-11-11T20:15:22.0455410Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/6be48352-4f82-47c9-ad5e-0acacefdb005", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "6be48352-4f82-47c9-ad5e-0acacefdb005" + }, + { + "properties": { + "roleName": "Azure Maps Contributor", + "type": "BuiltInRole", + "description": "Grants access all Azure Maps resource management.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Maps/*", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-10-01T22:19:13.1357904Z", + "updatedOn": "2021-11-11T20:15:22.2455414Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/dba33070-676a-4fb0-87fa-064dc56ff7fb", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "dba33070-676a-4fb0-87fa-064dc56ff7fb" + }, + { + "properties": { + "roleName": "Azure Arc VMware VM Contributor", + "type": "BuiltInRole", + "description": "Arc VMware VM Contributor has permissions to perform all VM actions.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ConnectedVMwarevSphere/virtualmachines/*", + "Microsoft.Insights/AlertRules/Write", + "Microsoft.Insights/AlertRules/Delete", + "Microsoft.Insights/AlertRules/Read", + "Microsoft.Insights/AlertRules/Activated/Action", + "Microsoft.Insights/AlertRules/Resolved/Action", + "Microsoft.Insights/AlertRules/Throttled/Action", + "Microsoft.Insights/AlertRules/Incidents/Read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/deployments/delete", + "Microsoft.Resources/deployments/cancel/action", + "Microsoft.Resources/deployments/validate/action", + "Microsoft.Resources/deployments/whatIf/action", + "Microsoft.Resources/deployments/exportTemplate/action", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/deployments/operationstatuses/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/write", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/subscriptions/operationresults/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-10-18T20:19:53.0087024Z", + "updatedOn": "2021-11-11T20:15:23.8706020Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b748a06d-6150-4f8a-aaa9-ce3940cd96cb", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b748a06d-6150-4f8a-aaa9-ce3940cd96cb" + }, + { + "properties": { + "roleName": "Azure Arc VMware Private Cloud User", + "type": "BuiltInRole", + "description": "Azure Arc VMware Private Cloud User has permissions to use the VMware cloud resources to deploy VMs.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Insights/AlertRules/Write", + "Microsoft.Insights/AlertRules/Delete", + "Microsoft.Insights/AlertRules/Read", + "Microsoft.Insights/AlertRules/Activated/Action", + "Microsoft.Insights/AlertRules/Resolved/Action", + "Microsoft.Insights/AlertRules/Throttled/Action", + "Microsoft.Insights/AlertRules/Incidents/Read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/deployments/delete", + "Microsoft.Resources/deployments/cancel/action", + "Microsoft.Resources/deployments/validate/action", + "Microsoft.Resources/deployments/whatIf/action", + "Microsoft.Resources/deployments/exportTemplate/action", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/deployments/operationstatuses/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/write", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.ConnectedVMwarevSphere/virtualnetworks/join/action", + "Microsoft.ConnectedVMwarevSphere/virtualnetworks/Read", + "Microsoft.ConnectedVMwarevSphere/virtualmachinetemplates/clone/action", + "Microsoft.ConnectedVMwarevSphere/virtualmachinetemplates/Read", + "Microsoft.ConnectedVMwarevSphere/resourcepools/deploy/action", + "Microsoft.ConnectedVMwarevSphere/resourcepools/Read", + "Microsoft.ConnectedVMwarevSphere/hosts/deploy/action", + "Microsoft.ConnectedVMwarevSphere/hosts/Read", + "Microsoft.ConnectedVMwarevSphere/clusters/deploy/action", + "Microsoft.ConnectedVMwarevSphere/clusters/Read", + "Microsoft.ConnectedVMwarevSphere/datastores/allocateSpace/action", + "Microsoft.ConnectedVMwarevSphere/datastores/Read", + "Microsoft.ExtendedLocation/customLocations/Read", + "Microsoft.ExtendedLocation/customLocations/deploy/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-10-18T20:20:46.5105444Z", + "updatedOn": "2022-11-14T18:04:31.5896097Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ce551c02-7c42-47e0-9deb-e3b6fc3a9a83", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ce551c02-7c42-47e0-9deb-e3b6fc3a9a83" + }, + { + "properties": { + "roleName": "Azure Arc VMware Administrator role ", + "type": "BuiltInRole", + "description": "Arc VMware VM Contributor has permissions to perform all connected VMwarevSphere actions.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ConnectedVMwarevSphere/*", + "Microsoft.Insights/AlertRules/Write", + "Microsoft.Insights/AlertRules/Delete", + "Microsoft.Insights/AlertRules/Read", + "Microsoft.Insights/AlertRules/Activated/Action", + "Microsoft.Insights/AlertRules/Resolved/Action", + "Microsoft.Insights/AlertRules/Throttled/Action", + "Microsoft.Insights/AlertRules/Incidents/Read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/deployments/delete", + "Microsoft.Resources/deployments/cancel/action", + "Microsoft.Resources/deployments/validate/action", + "Microsoft.Resources/deployments/whatIf/action", + "Microsoft.Resources/deployments/exportTemplate/action", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/deployments/operationstatuses/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/write", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/subscriptions/operationresults/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-11-01T17:12:42.6172725Z", + "updatedOn": "2021-11-11T20:15:25.1275776Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ddc140ed-e463-4246-9145-7c664192013f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ddc140ed-e463-4246-9145-7c664192013f" + }, + { + "properties": { + "roleName": "Cognitive Services LUIS Owner", + "type": "BuiltInRole", + "description": " Has access to all Read, Test, Write, Deploy and Delete functions under LUIS", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.CognitiveServices/accounts/listkeys/action", + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/LUIS/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-11-04T03:28:02.9611800Z", + "updatedOn": "2021-11-11T20:15:25.4884913Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f72c8140-2111-481c-87ff-72b910f6e3f8", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f72c8140-2111-481c-87ff-72b910f6e3f8" + }, + { + "properties": { + "roleName": "Cognitive Services Language Reader", + "type": "BuiltInRole", + "description": "Has access to Read and Test functions under Language portal", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/LanguageAuthoring/*/read", + "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*/read", + "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/export/action", + "Microsoft.CognitiveServices/accounts/Language/*/read", + "Microsoft.CognitiveServices/accounts/Language/*/projects/export/action", + "Microsoft.CognitiveServices/accounts/Language/query-text/action", + "Microsoft.CognitiveServices/accounts/Language/query-dataverse/action", + "Microsoft.CognitiveServices/accounts/Language/analyze-text/jobs/action", + "Microsoft.CognitiveServices/accounts/Language/analyze-text/action", + "Microsoft.CognitiveServices/accounts/Language/analyze-text/jobscancel/action", + "Microsoft.CognitiveServices/accounts/Language/analyze-conversations/action", + "Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobscancel/action", + "Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobs/action", + "Microsoft.CognitiveServices/accounts/Language/query-knowledgebases/action", + "Microsoft.CognitiveServices/accounts/Language/generate/action", + "Microsoft.CognitiveServices/accounts/TextAnalytics/*" + ], + "notDataActions": [ + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*" + ] + } + ], + "createdOn": "2021-11-04T03:29:14.7643336Z", + "updatedOn": "2023-03-01T16:11:03.4080312Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7628b7b8-a8b2-4cdc-b46f-e9b35248918e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7628b7b8-a8b2-4cdc-b46f-e9b35248918e" + }, + { + "properties": { + "roleName": "Cognitive Services Language Writer", + "type": "BuiltInRole", + "description": " Has access to all Read, Test, and Write functions under Language Portal", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/LanguageAuthoring/*", + "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*", + "Microsoft.CognitiveServices/accounts/Language/*", + "Microsoft.CognitiveServices/accounts/TextAnalytics/*" + ], + "notDataActions": [ + "Microsoft.CognitiveServices/accounts/LanguageAuthoring/projects/publish/action", + "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/deployments/write", + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*", + "Microsoft.CognitiveServices/accounts/Language/*/projects/delete", + "Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/write", + "Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/delete", + "Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/swap/action" + ] + } + ], + "createdOn": "2021-11-04T03:29:39.5761019Z", + "updatedOn": "2022-03-30T00:16:38.3744561Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f2310ca1-dc64-4889-bb49-c8e0fa3d47a8", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f2310ca1-dc64-4889-bb49-c8e0fa3d47a8" + }, + { + "properties": { + "roleName": "Cognitive Services Language Owner", + "type": "BuiltInRole", + "description": "Has access to all Read, Test, Write, Deploy and Delete functions under Language portal", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.CognitiveServices/accounts/listkeys/action", + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/LanguageAuthoring/*", + "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*", + "Microsoft.CognitiveServices/accounts/Language/*", + "Microsoft.CognitiveServices/accounts/TextAnalytics/*" + ], + "notDataActions": [ + "Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*" + ] + } + ], + "createdOn": "2021-11-04T03:30:07.6173528Z", + "updatedOn": "2022-03-30T00:16:39.0775846Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f07febfe-79bc-46b1-8b37-790e26e6e498", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f07febfe-79bc-46b1-8b37-790e26e6e498" + }, + { + "properties": { + "roleName": "Cognitive Services LUIS Reader", + "type": "BuiltInRole", + "description": "Has access to Read and Test functions under LUIS.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/LUIS/*/read", + "Microsoft.CognitiveServices/accounts/LUIS/apps/testdatasets/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-11-04T03:30:31.2704834Z", + "updatedOn": "2021-11-11T20:15:26.2134821Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/18e81cdc-4e98-4e29-a639-e7d10c5a6226", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "18e81cdc-4e98-4e29-a639-e7d10c5a6226" + }, + { + "properties": { + "roleName": "Cognitive Services LUIS Writer", + "type": "BuiltInRole", + "description": "Has access to all Read, Test, and Write functions under LUIS", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/LUIS/*" + ], + "notDataActions": [ + "Microsoft.CognitiveServices/accounts/LUIS/apps/delete", + "Microsoft.CognitiveServices/accounts/LUIS/apps/move/action", + "Microsoft.CognitiveServices/accounts/LUIS/apps/publish/action", + "Microsoft.CognitiveServices/accounts/LUIS/apps/settings/write", + "Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/action", + "Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/delete" + ] + } + ], + "createdOn": "2021-11-04T03:31:12.1580052Z", + "updatedOn": "2021-11-11T20:15:26.3934523Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/6322a993-d5c9-4bed-b113-e49bbea25b27", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "6322a993-d5c9-4bed-b113-e49bbea25b27" + }, + { + "properties": { + "roleName": "PlayFab Reader", + "type": "BuiltInRole", + "description": "Provides read access to PlayFab resources", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Authorization/*/read", + "Microsoft.PlayFab/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-11-04T23:26:57.2248605Z", + "updatedOn": "2021-11-11T20:15:26.5784834Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a9a19cc5-31f4-447c-901f-56c0bb18fcaf", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a9a19cc5-31f4-447c-901f-56c0bb18fcaf" + }, + { + "properties": { + "roleName": "Load Test Contributor", + "type": "BuiltInRole", + "description": "View, create, update, delete and execute load tests. View and list load test resources but can not make any changes.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.LoadTestService/*/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Insights/alertRules/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.LoadTestService/loadtests/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-11-09T08:11:21.0936461Z", + "updatedOn": "2021-11-11T20:15:27.1189225Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/749a398d-560b-491b-bb21-08924219302e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "749a398d-560b-491b-bb21-08924219302e" + }, + { + "properties": { + "roleName": "Load Test Owner", + "type": "BuiltInRole", + "description": "Execute all operations on load test resources and load tests", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.LoadTestService/*", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Insights/alertRules/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.LoadTestService/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-11-09T08:12:24.5500195Z", + "updatedOn": "2021-11-11T20:15:27.2897153Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/45bb0b16-2f0c-4e78-afaa-a07599b003f6", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "45bb0b16-2f0c-4e78-afaa-a07599b003f6" + }, + { + "properties": { + "roleName": "PlayFab Contributor", + "type": "BuiltInRole", + "description": "Provides contributor access to PlayFab resources", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.PlayFab/*/read", + "Microsoft.PlayFab/*/write", + "Microsoft.PlayFab/*/delete" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-11-10T00:55:37.3326276Z", + "updatedOn": "2021-11-11T20:15:28.0547167Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0c8b84dc-067c-4039-9615-fa1a4b77c726", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0c8b84dc-067c-4039-9615-fa1a4b77c726" + }, + { + "properties": { + "roleName": "Load Test Reader", + "type": "BuiltInRole", + "description": "View and list all load tests and load test resources but can not make any changes", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.LoadTestService/*/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Insights/alertRules/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.LoadTestService/loadtests/readTest/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-11-10T06:14:08.3903105Z", + "updatedOn": "2021-11-11T20:15:28.2297181Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/3ae3fb29-0000-4ccd-bf80-542e7b26e081", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "3ae3fb29-0000-4ccd-bf80-542e7b26e081" + }, + { + "properties": { + "roleName": "Cognitive Services Immersive Reader User", + "type": "BuiltInRole", + "description": "Provides access to create Immersive Reader sessions and call APIs", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/ImmersiveReader/getcontentmodelforreader/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-11-10T19:52:14.4487503Z", + "updatedOn": "2021-11-11T20:15:28.4146975Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b2de6794-95db-4659-8781-7e080d3f2b9d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b2de6794-95db-4659-8781-7e080d3f2b9d" + }, + { + "properties": { + "roleName": "Lab Services Contributor", + "type": "BuiltInRole", + "description": "The lab services contributor role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.LabServices/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.LabServices/labPlans/createLab/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-11-11T00:51:03.3308981Z", + "updatedOn": "2021-11-11T20:15:28.7792013Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f69b8690-cc87-41d6-b77a-a4bc3c0a966f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f69b8690-cc87-41d6-b77a-a4bc3c0a966f" + }, + { + "properties": { + "roleName": "Lab Services Reader", + "type": "BuiltInRole", + "description": "The lab services reader role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.LabServices/*/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-11-11T00:55:30.4208618Z", + "updatedOn": "2021-11-11T20:15:28.9592032Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc" + }, + { + "properties": { + "roleName": "Lab Assistant", + "type": "BuiltInRole", + "description": "The lab assistant role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.LabServices/labPlans/images/read", + "Microsoft.LabServices/labPlans/read", + "Microsoft.LabServices/labs/read", + "Microsoft.LabServices/labs/schedules/read", + "Microsoft.LabServices/labs/users/read", + "Microsoft.LabServices/labs/users/invite/action", + "Microsoft.LabServices/labs/virtualMachines/read", + "Microsoft.LabServices/labs/virtualMachines/start/action", + "Microsoft.LabServices/labs/virtualMachines/stop/action", + "Microsoft.LabServices/labs/virtualMachines/reimage/action", + "Microsoft.LabServices/labs/virtualMachines/redeploy/action", + "Microsoft.LabServices/locations/usages/read", + "Microsoft.LabServices/skus/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-11-11T00:56:10.4295443Z", + "updatedOn": "2021-11-11T20:15:29.1442530Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ce40b423-cede-4313-a93f-9b28290b72e1", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ce40b423-cede-4313-a93f-9b28290b72e1" + }, + { + "properties": { + "roleName": "Lab Operator", + "type": "BuiltInRole", + "description": "The lab operator role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.LabServices/labPlans/images/read", + "Microsoft.LabServices/labPlans/read", + "Microsoft.LabServices/labPlans/saveImage/action", + "Microsoft.LabServices/labs/publish/action", + "Microsoft.LabServices/labs/read", + "Microsoft.LabServices/labs/schedules/read", + "Microsoft.LabServices/labs/schedules/write", + "Microsoft.LabServices/labs/schedules/delete", + "Microsoft.LabServices/labs/users/read", + "Microsoft.LabServices/labs/users/write", + "Microsoft.LabServices/labs/users/delete", + "Microsoft.LabServices/labs/users/invite/action", + "Microsoft.LabServices/labs/virtualMachines/read", + "Microsoft.LabServices/labs/virtualMachines/start/action", + "Microsoft.LabServices/labs/virtualMachines/stop/action", + "Microsoft.LabServices/labs/virtualMachines/reimage/action", + "Microsoft.LabServices/labs/virtualMachines/redeploy/action", + "Microsoft.LabServices/labs/virtualMachines/resetPassword/action", + "Microsoft.LabServices/locations/usages/read", + "Microsoft.LabServices/skus/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-11-11T00:56:41.9942935Z", + "updatedOn": "2021-11-11T20:15:29.3242664Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a36e6959-b6be-4b12-8e9f-ef4b474d304d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a36e6959-b6be-4b12-8e9f-ef4b474d304d" + }, + { + "properties": { + "roleName": "Lab Contributor", + "type": "BuiltInRole", + "description": "The lab contributor role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.LabServices/labPlans/images/read", + "Microsoft.LabServices/labPlans/read", + "Microsoft.LabServices/labPlans/saveImage/action", + "Microsoft.LabServices/labs/read", + "Microsoft.LabServices/labs/write", + "Microsoft.LabServices/labs/delete", + "Microsoft.LabServices/labs/publish/action", + "Microsoft.LabServices/labs/syncGroup/action", + "Microsoft.LabServices/labs/schedules/read", + "Microsoft.LabServices/labs/schedules/write", + "Microsoft.LabServices/labs/schedules/delete", + "Microsoft.LabServices/labs/users/read", + "Microsoft.LabServices/labs/users/write", + "Microsoft.LabServices/labs/users/delete", + "Microsoft.LabServices/labs/users/invite/action", + "Microsoft.LabServices/labs/virtualMachines/read", + "Microsoft.LabServices/labs/virtualMachines/start/action", + "Microsoft.LabServices/labs/virtualMachines/stop/action", + "Microsoft.LabServices/labs/virtualMachines/reimage/action", + "Microsoft.LabServices/labs/virtualMachines/redeploy/action", + "Microsoft.LabServices/labs/virtualMachines/resetPassword/action", + "Microsoft.LabServices/locations/usages/read", + "Microsoft.LabServices/skus/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.LabServices/labPlans/createLab/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-11-11T00:57:05.9018065Z", + "updatedOn": "2021-11-11T20:15:29.4992096Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5daaa2af-1fe8-407c-9122-bba179798270", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5daaa2af-1fe8-407c-9122-bba179798270" + }, + { + "properties": { + "roleName": "Security Admin", + "type": "BuiltInRole", + "description": "Security Admin Role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Authorization/policyAssignments/*", + "Microsoft.Authorization/policyDefinitions/*", + "Microsoft.Authorization/policyExemptions/*", + "Microsoft.Authorization/policySetDefinitions/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Management/managementGroups/read", + "Microsoft.operationalInsights/workspaces/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Security/*", + "Microsoft.IoTSecurity/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-05-03T07:51:23.0917487Z", + "updatedOn": "2021-11-15T06:42:49.8263550Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "fb1c8493-542b-48eb-b624-b4c8fea62acd" + }, + { + "properties": { + "roleName": "Web PubSub Service Owner", + "type": "BuiltInRole", + "description": "Full access to Azure Web PubSub Service REST APIs", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.SignalRService/WebPubSub/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-03-24T09:10:11.8335180Z", + "updatedOn": "2023-04-06T15:21:51.7148896Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/12cf5a90-567b-43ae-8102-96cf46c7d9b4", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "12cf5a90-567b-43ae-8102-96cf46c7d9b4" + }, + { + "properties": { + "roleName": "Web PubSub Service Reader", + "type": "BuiltInRole", + "description": "Read-only access to Azure Web PubSub Service REST APIs", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.SignalRService/WebPubSub/*/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-03-24T09:11:12.6235436Z", + "updatedOn": "2023-04-06T15:21:51.6558878Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf" + }, + { + "properties": { + "roleName": "SignalR App Server", + "type": "BuiltInRole", + "description": "Lets your app server access SignalR Service with AAD auth options.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.SignalRService/SignalR/auth/accessKey/action", + "Microsoft.SignalRService/SignalR/serverConnection/write", + "Microsoft.SignalRService/SignalR/clientConnection/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-07-29T06:54:40.1201435Z", + "updatedOn": "2021-11-16T05:19:04.8579948Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "420fcaa2-552c-430f-98ca-3264be4806c7" + }, + { + "properties": { + "roleName": "Virtual Machine User Login", + "type": "BuiltInRole", + "description": "View Virtual Machines in the portal and login as a regular user.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Network/publicIPAddresses/read", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/loadBalancers/read", + "Microsoft.Network/networkInterfaces/read", + "Microsoft.Compute/virtualMachines/*/read", + "Microsoft.HybridCompute/machines/*/read", + "Microsoft.HybridConnectivity/endpoints/listCredentials/action" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Compute/virtualMachines/login/action", + "Microsoft.HybridCompute/machines/login/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-02-09T18:36:13.3315744Z", + "updatedOn": "2021-11-18T00:55:50.6185845Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "fb879df8-f326-4884-b1cf-06f3ad86be52" + }, + { + "properties": { + "roleName": "Virtual Machine Administrator Login", + "type": "BuiltInRole", + "description": "View Virtual Machines in the portal and login as administrator", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Network/publicIPAddresses/read", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/loadBalancers/read", + "Microsoft.Network/networkInterfaces/read", + "Microsoft.Compute/virtualMachines/*/read", + "Microsoft.HybridCompute/machines/*/read", + "Microsoft.HybridConnectivity/endpoints/listCredentials/action" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Compute/virtualMachines/login/action", + "Microsoft.Compute/virtualMachines/loginAsAdmin/action", + "Microsoft.HybridCompute/machines/login/action", + "Microsoft.HybridCompute/machines/loginAsAdmin/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-02-09T18:36:13.3315744Z", + "updatedOn": "2021-11-18T00:56:53.8134295Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "1c0163c0-47e6-4577-8991-ea5c82e286e4" + }, + { + "properties": { + "roleName": "Azure Connected Machine Resource Administrator", + "type": "BuiltInRole", + "description": "Can read, write, delete and re-onboard Azure Connected Machines.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.HybridCompute/machines/read", + "Microsoft.HybridCompute/machines/write", + "Microsoft.HybridCompute/machines/delete", + "Microsoft.HybridCompute/machines/UpgradeExtensions/action", + "Microsoft.HybridCompute/machines/extensions/read", + "Microsoft.HybridCompute/machines/extensions/write", + "Microsoft.HybridCompute/machines/extensions/delete", + "Microsoft.HybridCompute/privateLinkScopes/*", + "Microsoft.HybridCompute/*/read", + "Microsoft.Resources/deployments/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-10-23T20:24:59.1474607Z", + "updatedOn": "2021-12-15T16:10:25.5898511Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "cd570a14-e51a-42ad-bac8-bafd67325302" + }, + { + "properties": { + "roleName": "Backup Operator", + "type": "BuiltInRole", + "description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action", + "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action", + "Microsoft.RecoveryServices/Vaults/backupJobs/*", + "Microsoft.RecoveryServices/Vaults/backupJobsExport/action", + "Microsoft.RecoveryServices/Vaults/backupOperationResults/*", + "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read", + "Microsoft.RecoveryServices/Vaults/backupPolicies/read", + "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*", + "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read", + "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read", + "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read", + "Microsoft.RecoveryServices/Vaults/certificates/write", + "Microsoft.RecoveryServices/Vaults/extendedInformation/read", + "Microsoft.RecoveryServices/Vaults/extendedInformation/write", + "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read", + "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*", + "Microsoft.RecoveryServices/Vaults/read", + "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read", + "Microsoft.RecoveryServices/Vaults/registeredIdentities/read", + "Microsoft.RecoveryServices/Vaults/registeredIdentities/write", + "Microsoft.RecoveryServices/Vaults/usages/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*", + "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action", + "Microsoft.RecoveryServices/Vaults/backupTriggerValidateOperation/action", + "Microsoft.RecoveryServices/Vaults/backupValidateOperationResults/read", + "Microsoft.RecoveryServices/Vaults/backupValidateOperationsStatuses/read", + "Microsoft.RecoveryServices/Vaults/backupOperations/read", + "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action", + "Microsoft.RecoveryServices/Vaults/backupEngines/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write", + "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read", + "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read", + "Microsoft.RecoveryServices/locations/backupStatus/action", + "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action", + "Microsoft.RecoveryServices/locations/backupValidateFeatures/action", + "Microsoft.RecoveryServices/locations/backupAadProperties/read", + "Microsoft.RecoveryServices/locations/backupCrrJobs/action", + "Microsoft.RecoveryServices/locations/backupCrrJob/action", + "Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action", + "Microsoft.RecoveryServices/locations/backupCrrOperationResults/read", + "Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read", + "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write", + "Microsoft.RecoveryServices/operations/read", + "Microsoft.RecoveryServices/locations/operationStatus/read", + "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read", + "Microsoft.Support/*", + "Microsoft.DataProtection/backupVaults/backupInstances/read", + "Microsoft.DataProtection/backupVaults/backupInstances/read", + "Microsoft.DataProtection/backupVaults/deletedBackupInstances/read", + "Microsoft.DataProtection/backupVaults/backupPolicies/read", + "Microsoft.DataProtection/backupVaults/backupPolicies/read", + "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read", + "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read", + "Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action", + "Microsoft.DataProtection/backupVaults/read", + "Microsoft.DataProtection/backupVaults/operationResults/read", + "Microsoft.DataProtection/backupVaults/operationStatus/read", + "Microsoft.DataProtection/backupVaults/read", + "Microsoft.DataProtection/backupVaults/read", + "Microsoft.DataProtection/locations/operationStatus/read", + "Microsoft.DataProtection/locations/operationResults/read", + "Microsoft.DataProtection/operations/read", + "Microsoft.DataProtection/backupVaults/validateForBackup/action", + "Microsoft.DataProtection/backupVaults/backupInstances/backup/action", + "Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action", + "Microsoft.DataProtection/backupVaults/backupInstances/restore/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2017-01-03T13:21:11.8947640Z", + "updatedOn": "2022-10-14T11:00:55.4737513Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "00c29273-979b-4161-815c-10b084fb9324" + }, + { + "properties": { + "roleName": "Workbook Contributor", + "type": "BuiltInRole", + "description": "Can save shared workbooks.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Insights/workbooks/write", + "Microsoft.Insights/workbooks/delete", + "Microsoft.Insights/workbooks/read", + "Microsoft.Insights/workbooks/revisions/read", + "Microsoft.Insights/workbooktemplates/write", + "Microsoft.Insights/workbooktemplates/delete", + "Microsoft.Insights/workbooktemplates/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-08-28T20:59:42.4820277Z", + "updatedOn": "2022-12-12T18:07:19.5792794Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e8ddcd69-c73f-4f9f-9844-4100522f16ad" + }, + { + "properties": { + "roleName": "Workbook Reader", + "type": "BuiltInRole", + "description": "Can read workbooks.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "microsoft.insights/workbooks/read", + "microsoft.insights/workbooks/revisions/read", + "microsoft.insights/workbooktemplates/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2019-08-28T20:56:17.6808140Z", + "updatedOn": "2022-12-12T18:07:19.5792794Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b279062a-9be3-42a0-92ae-8b3cf002ec4d" + }, + { + "properties": { + "roleName": "Monitoring Contributor", + "type": "BuiltInRole", + "description": "Can read all monitoring data and update monitoring settings.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "*/read", + "Microsoft.AlertsManagement/alerts/*", + "Microsoft.AlertsManagement/alertsSummary/*", + "Microsoft.Insights/actiongroups/*", + "Microsoft.Insights/activityLogAlerts/*", + "Microsoft.Insights/AlertRules/*", + "Microsoft.Insights/components/*", + "Microsoft.Insights/createNotifications/*", + "Microsoft.Insights/dataCollectionEndpoints/*", + "Microsoft.Insights/dataCollectionRules/*", + "Microsoft.Insights/dataCollectionRuleAssociations/*", + "Microsoft.Insights/DiagnosticSettings/*", + "Microsoft.Insights/eventtypes/*", + "Microsoft.Insights/LogDefinitions/*", + "Microsoft.Insights/metricalerts/*", + "Microsoft.Insights/MetricDefinitions/*", + "Microsoft.Insights/Metrics/*", + "Microsoft.Insights/notificationStatus/*", + "Microsoft.Insights/Register/Action", + "Microsoft.Insights/scheduledqueryrules/*", + "Microsoft.Insights/webtests/*", + "Microsoft.Insights/workbooks/*", + "Microsoft.Insights/workbooktemplates/*", + "Microsoft.Insights/privateLinkScopes/*", + "Microsoft.Insights/privateLinkScopeOperationStatuses/*", + "Microsoft.OperationalInsights/workspaces/write", + "Microsoft.OperationalInsights/workspaces/intelligencepacks/*", + "Microsoft.OperationalInsights/workspaces/savedSearches/*", + "Microsoft.OperationalInsights/workspaces/search/action", + "Microsoft.OperationalInsights/workspaces/sharedKeys/action", + "Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*", + "Microsoft.Support/*", + "Microsoft.WorkloadMonitor/monitors/*", + "Microsoft.AlertsManagement/smartDetectorAlertRules/*", + "Microsoft.AlertsManagement/actionRules/*", + "Microsoft.AlertsManagement/smartGroups/*", + "Microsoft.AlertsManagement/migrateFromSmartDetection/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-09-21T19:21:08.4345976Z", + "updatedOn": "2022-09-06T19:22:59.9084089Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "749f88d5-cbae-40b8-bcfc-e573ddc772fa" + }, + { + "properties": { + "roleName": "Monitoring Metrics Publisher", + "type": "BuiltInRole", + "description": "Enables publishing metrics against Azure resources", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Insights/Register/Action", + "Microsoft.Support/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Insights/Metrics/Write", + "Microsoft.Insights/Telemetry/Write" + ], + "notDataActions": [] + } + ], + "createdOn": "2018-08-14T00:36:16.5610279Z", + "updatedOn": "2022-01-04T00:38:04.0289073Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "3913510d-42f4-4e42-8a64-420c390055eb" + }, + { + "properties": { + "roleName": "Purview role 1 (Deprecated)", + "type": "BuiltInRole", + "description": "Deprecated role.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Purview/accounts/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Purview/accounts/data/read", + "Microsoft.Purview/accounts/data/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-11-14T02:37:15.0123345Z", + "updatedOn": "2022-01-04T00:43:15.6924286Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/8a3c2885-9b38-4fd2-9d99-91af537c1347", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "8a3c2885-9b38-4fd2-9d99-91af537c1347" + }, + { + "properties": { + "roleName": "Purview role 2 (Deprecated)", + "type": "BuiltInRole", + "description": "Deprecated role.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Purview/accounts/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Purview/accounts/scan/read", + "Microsoft.Purview/accounts/scan/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-11-14T02:40:05.0975648Z", + "updatedOn": "2022-01-04T00:47:22.9678219Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/200bba9e-f0c8-430f-892b-6f0794863803", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "200bba9e-f0c8-430f-892b-6f0794863803" + }, + { + "properties": { + "roleName": "Purview role 3 (Deprecated)", + "type": "BuiltInRole", + "description": "Deprecated role.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Purview/accounts/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Purview/accounts/data/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-11-14T02:39:22.2344740Z", + "updatedOn": "2022-01-04T00:48:08.2844802Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ff100721-1b9d-43d8-af52-42b69c1272db", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ff100721-1b9d-43d8-af52-42b69c1272db" + }, + { + "properties": { + "roleName": "Autonomous Development Platform Data Contributor (Preview)", + "type": "BuiltInRole", + "description": "Grants permissions to upload and manage new Autonomous Development Platform measurements.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.AutonomousDevelopmentPlatform/*/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.AutonomousDevelopmentPlatform/accounts/dataPools/discoveries/*", + "Microsoft.AutonomousDevelopmentPlatform/accounts/dataPools/uploads/*", + "Microsoft.AutonomousDevelopmentPlatform/accounts/dataPools/measurements/states/new/*", + "Microsoft.AutonomousDevelopmentPlatform/accounts/dataPools/measurementCollections/*", + "Microsoft.AutonomousDevelopmentPlatform/accounts/measurementCollections/*", + "Microsoft.AutonomousDevelopmentPlatform/workspaces/read", + "Microsoft.AutonomousDevelopmentPlatform/workspaces/discoveries/*", + "Microsoft.AutonomousDevelopmentPlatform/workspaces/uploads/*", + "Microsoft.AutonomousDevelopmentPlatform/workspaces/measurements/states/new/*", + "Microsoft.AutonomousDevelopmentPlatform/workspaces/measurements/classifications/*", + "Microsoft.AutonomousDevelopmentPlatform/workspaces/measurements/dataStreams/classifications/*", + "Microsoft.AutonomousDevelopmentPlatform/workspaces/measurementCollections/*" + ], + "notDataActions": [ + "Microsoft.AutonomousDevelopmentPlatform/accounts/dataPools/measurements/states/new/changeState/action", + "Microsoft.AutonomousDevelopmentPlatform/workspaces/measurements/states/new/changeState/action" + ] + } + ], + "createdOn": "2020-12-15T11:30:01.7459379Z", + "updatedOn": "2022-09-15T19:15:50.9036822Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b8b15564-4fa6-4a59-ab12-03e1d9594795", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b8b15564-4fa6-4a59-ab12-03e1d9594795" + }, + { + "properties": { + "roleName": "Autonomous Development Platform Data Owner (Preview)", + "type": "BuiltInRole", + "description": "Grants full access to Autonomous Development Platform data.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.AutonomousDevelopmentPlatform/*/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.AutonomousDevelopmentPlatform/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-12-15T12:13:59.9702378Z", + "updatedOn": "2022-01-04T13:20:26.2040404Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/27f8b550-c507-4db9-86f2-f4b8e816d59d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "27f8b550-c507-4db9-86f2-f4b8e816d59d" + }, + { + "properties": { + "roleName": "Autonomous Development Platform Data Reader (Preview)", + "type": "BuiltInRole", + "description": "Grants read access to Autonomous Development Platform data.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.AutonomousDevelopmentPlatform/*/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.AutonomousDevelopmentPlatform/*/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-12-15T12:11:31.9843256Z", + "updatedOn": "2022-01-04T13:21:04.3207709Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d63b75f7-47ea-4f27-92ac-e0d173aaf093", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d63b75f7-47ea-4f27-92ac-e0d173aaf093" + }, + { + "properties": { + "roleName": "Key Vault Crypto Officer", + "type": "BuiltInRole", + "description": "Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the \u0027Azure role-based access control\u0027 permission model.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.KeyVault/checkNameAvailability/read", + "Microsoft.KeyVault/deletedVaults/read", + "Microsoft.KeyVault/locations/*/read", + "Microsoft.KeyVault/vaults/*/read", + "Microsoft.KeyVault/operations/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.KeyVault/vaults/keys/*", + "Microsoft.KeyVault/vaults/keyrotationpolicies/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-05-19T17:52:47.0099249Z", + "updatedOn": "2022-01-06T23:21:17.9760884Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/14b46e9e-c2b7-41b4-b07b-48a6ebf60603", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "14b46e9e-c2b7-41b4-b07b-48a6ebf60603" + }, + { + "properties": { + "roleName": "Device Update Deployments Reader", + "type": "BuiltInRole", + "description": "Gives you read access to management operations, but does not allow making changes", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Insights/alertRules/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.DeviceUpdate/accounts/instances/management/read", + "Microsoft.DeviceUpdate/accounts/instances/updates/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-08-22T00:01:34.7053630Z", + "updatedOn": "2022-01-13T01:35:51.6463216Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/49e2f5d2-7741-4835-8efa-19e1fe35e47f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "49e2f5d2-7741-4835-8efa-19e1fe35e47f" + }, + { + "properties": { + "roleName": "Device Update Deployments Administrator", + "type": "BuiltInRole", + "description": "Gives you full access to management operations", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*", + "Microsoft.Insights/alertRules/*" + ], + "notActions": [], + "dataActions": [ + "Microsoft.DeviceUpdate/accounts/instances/management/read", + "Microsoft.DeviceUpdate/accounts/instances/management/write", + "Microsoft.DeviceUpdate/accounts/instances/management/delete", + "Microsoft.DeviceUpdate/accounts/instances/updates/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2020-08-21T23:59:52.1001666Z", + "updatedOn": "2022-01-13T01:59:19.4616366Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e4237640-0e3d-4a46-8fda-70bc94856432", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e4237640-0e3d-4a46-8fda-70bc94856432" + }, + { + "properties": { + "roleName": "Azure Arc VMware Private Clouds Onboarding", + "type": "BuiltInRole", + "description": "Azure Arc VMware Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vCenter instances to Azure.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ConnectedVMwarevSphere/vcenters/Write", + "Microsoft.ConnectedVMwarevSphere/vcenters/Read", + "Microsoft.ConnectedVMwarevSphere/vcenters/Delete", + "Microsoft.Insights/AlertRules/Write", + "Microsoft.Insights/AlertRules/Delete", + "Microsoft.Insights/AlertRules/Read", + "Microsoft.Insights/AlertRules/Activated/Action", + "Microsoft.Insights/AlertRules/Resolved/Action", + "Microsoft.Insights/AlertRules/Throttled/Action", + "Microsoft.Insights/AlertRules/Incidents/Read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/deployments/delete", + "Microsoft.Resources/deployments/cancel/action", + "Microsoft.Resources/deployments/validate/action", + "Microsoft.Resources/deployments/whatIf/action", + "Microsoft.Resources/deployments/exportTemplate/action", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/deployments/operationstatuses/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/write", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.KubernetesConfiguration/extensions/Write", + "Microsoft.KubernetesConfiguration/extensions/Read", + "Microsoft.KubernetesConfiguration/extensions/Delete", + "Microsoft.KubernetesConfiguration/operations/read", + "Microsoft.ExtendedLocation/customLocations/Read", + "Microsoft.ExtendedLocation/customLocations/Write", + "Microsoft.ExtendedLocation/customLocations/Delete", + "Microsoft.ExtendedLocation/customLocations/deploy/action", + "Microsoft.ResourceConnector/appliances/Read", + "Microsoft.ResourceConnector/appliances/Write", + "Microsoft.ResourceConnector/appliances/Delete", + "Microsoft.BackupSolutions/vmwareapplications/write", + "Microsoft.BackupSolutions/vmwareapplications/delete", + "Microsoft.BackupSolutions/vmwareapplications/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-11-01T22:18:08.4480747Z", + "updatedOn": "2022-09-27T19:16:52.1052938Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/67d33e57-3129-45e6-bb0b-7cc522f762fa", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "67d33e57-3129-45e6-bb0b-7cc522f762fa" + }, + { + "properties": { + "roleName": "Chamber Admin", + "type": "BuiltInRole", + "description": "Lets you manage everything under your Modeling and Simulation Workbench chamber.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ModSimWorkbench/*/read", + "Microsoft.ModSimWorkbench/workbenches/chambers/*", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [ + "Microsoft.ModSimWorkbench/workbenches/chambers/fileRequests/manage/action" + ], + "dataActions": [ + "Microsoft.ModSimWorkbench/workbenches/chambers/upload/action", + "Microsoft.ModSimWorkbench/workbenches/chambers/files/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-12-15T20:53:14.4428297Z", + "updatedOn": "2023-02-13T16:14:49.7063543Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4e9b8407-af2e-495b-ae54-bb60a55b1b5a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4e9b8407-af2e-495b-ae54-bb60a55b1b5a" + }, + { + "properties": { + "roleName": "Microsoft Sentinel Automation Contributor", + "type": "BuiltInRole", + "description": "Microsoft Sentinel Automation Contributor", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Logic/workflows/triggers/read", + "Microsoft.Logic/workflows/triggers/listCallbackUrl/action", + "Microsoft.Logic/workflows/runs/read", + "Microsoft.Web/sites/hostruntime/webhooks/api/workflows/triggers/read", + "Microsoft.Web/sites/hostruntime/webhooks/api/workflows/triggers/listCallbackUrl/action", + "Microsoft.Web/sites/hostruntime/webhooks/api/workflows/runs/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2021-01-24T08:50:52.0382991Z", + "updatedOn": "2022-01-26T09:25:00.4699337Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f4c81013-99ee-4d62-a7ee-b3f1f648599a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f4c81013-99ee-4d62-a7ee-b3f1f648599a" + }, + { + "properties": { + "roleName": "CDN Endpoint Reader", + "type": "BuiltInRole", + "description": "Can view CDN endpoints, but can\u2019t make changes.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Cdn/edgenodes/read", + "Microsoft.Cdn/operationresults/*", + "Microsoft.Cdn/profiles/endpoints/*/read", + "Microsoft.Cdn/profiles/afdendpoints/validateCustomDomain/action", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2016-01-23T02:48:46.4996252Z", + "updatedOn": "2022-01-26T19:51:29.2636610Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd" + }, + { + "properties": { + "roleName": "Chamber User", + "type": "BuiltInRole", + "description": "Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ModSimWorkbench/workbenches/chambers/*/read", + "Microsoft.ModSimWorkbench/workbenches/chambers/workloads/*", + "Microsoft.ModSimWorkbench/workbenches/chambers/getUploadUri/action", + "Microsoft.ModSimWorkbench/workbenches/chambers/fileRequests/getDownloadUri/action", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ModSimWorkbench/workbenches/chambers/upload/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2021-12-15T20:51:06.2119764Z", + "updatedOn": "2023-02-13T16:14:49.7073547Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4447db05-44ed-4da3-ae60-6cbece780e32", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4447db05-44ed-4da3-ae60-6cbece780e32" + }, + { + "properties": { + "roleName": "Cognitive Services Speech User", + "type": "BuiltInRole", + "description": "Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can\u2019t create, delete or modify the data/test/model/endpoint for custom models.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/SpeechServices/*/read", + "Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/read", + "Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/write", + "Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/delete", + "Microsoft.CognitiveServices/accounts/SpeechServices/*/frontend/action", + "Microsoft.CognitiveServices/accounts/SpeechServices/text-dependent/*/action", + "Microsoft.CognitiveServices/accounts/SpeechServices/text-independent/*/action", + "Microsoft.CognitiveServices/accounts/CustomVoice/*/read", + "Microsoft.CognitiveServices/accounts/CustomVoice/evaluations/*", + "Microsoft.CognitiveServices/accounts/CustomVoice/longaudiosynthesis/*", + "Microsoft.CognitiveServices/accounts/AudioContentCreation/*" + ], + "notDataActions": [ + "Microsoft.CognitiveServices/accounts/CustomVoice/datasets/files/read", + "Microsoft.CognitiveServices/accounts/CustomVoice/datasets/utterances/read" + ] + } + ], + "createdOn": "2021-03-30T11:28:27.4339032Z", + "updatedOn": "2022-05-23T19:12:17.2452043Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f2dc8367-1007-4938-bd23-fe263f013447", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f2dc8367-1007-4938-bd23-fe263f013447" + }, + { + "properties": { + "roleName": "Windows Admin Center Administrator Login", + "type": "BuiltInRole", + "description": "Let\u0027s you manage the OS of your resource via Windows Admin Center as an administrator.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.HybridCompute/machines/*/read", + "Microsoft.HybridCompute/machines/extensions/*", + "Microsoft.HybridCompute/machines/upgradeExtensions/action", + "Microsoft.HybridCompute/operations/read", + "Microsoft.Network/networkInterfaces/read", + "Microsoft.Network/loadBalancers/read", + "Microsoft.Network/publicIPAddresses/read", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/networkSecurityGroups/read", + "Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read", + "Microsoft.Network/networkWatchers/securityGroupView/action", + "Microsoft.Network/networkSecurityGroups/securityRules/read", + "Microsoft.Network/networkSecurityGroups/securityRules/write", + "Microsoft.HybridConnectivity/endpoints/write", + "Microsoft.HybridConnectivity/endpoints/read", + "Microsoft.HybridConnectivity/endpoints/listManagedProxyDetails/action", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/read", + "Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read", + "Microsoft.Compute/virtualMachines/patchInstallationResults/read", + "Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read", + "Microsoft.Compute/virtualMachines/extensions/read", + "Microsoft.Compute/virtualMachines/instanceView/read", + "Microsoft.Compute/virtualMachines/runCommands/read", + "Microsoft.Compute/virtualMachines/vmSizes/read", + "Microsoft.Compute/locations/publishers/artifacttypes/types/read", + "Microsoft.Compute/locations/publishers/artifacttypes/types/versions/read", + "Microsoft.Compute/diskAccesses/read", + "Microsoft.Compute/galleries/images/read", + "Microsoft.Compute/images/read", + "Microsoft.AzureStackHCI/Clusters/Read", + "Microsoft.AzureStackHCI/Clusters/ArcSettings/Read", + "Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Read", + "Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Write", + "Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Delete", + "Microsoft.AzureStackHCI/Operations/Read", + "Microsoft.ConnectedVMwarevSphere/VirtualMachines/Read", + "Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Write", + "Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.HybridCompute/machines/WACLoginAsAdmin/action", + "Microsoft.Compute/virtualMachines/WACloginAsAdmin/action", + "Microsoft.AzureStackHCI/Clusters/WACloginAsAdmin/Action", + "Microsoft.ConnectedVMwarevSphere/virtualmachines/WACloginAsAdmin/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-01-12T00:51:19.5581155Z", + "updatedOn": "2022-12-08T11:14:56.4039795Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a6333a3e-0164-44c3-b281-7a577aff287f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a6333a3e-0164-44c3-b281-7a577aff287f" + }, + { + "properties": { + "roleName": "Azure Kubernetes Service Policy Add-on Deployment", + "type": "BuiltInRole", + "description": "Deploy the Azure Policy add-on on Azure Kubernetes Service clusters", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Resources/deployments/*", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/publicIPPrefixes/join/action", + "Microsoft.Network/publicIPAddresses/join/action", + "Microsoft.Compute/diskEncryptionSets/read", + "Microsoft.Compute/proximityPlacementGroups/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-02-07T20:51:48.5662807Z", + "updatedOn": "2022-03-16T01:35:31.5373337Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/18ed5180-3e48-46fd-8541-4ea054d57064", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "18ed5180-3e48-46fd-8541-4ea054d57064" + }, + { + "properties": { + "roleName": "Guest Configuration Resource Contributor", + "type": "BuiltInRole", + "description": "Lets you read, write Guest Configuration Resource.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.GuestConfiguration/guestConfigurationAssignments/write", + "Microsoft.GuestConfiguration/guestConfigurationAssignments/read", + "Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read", + "Microsoft.Resources/deployments/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-01-13T21:31:41.9626667Z", + "updatedOn": "2022-02-10T19:22:44.9057916Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/088ab73d-1256-47ae-bea9-9de8e7131f31", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "088ab73d-1256-47ae-bea9-9de8e7131f31" + }, + { + "properties": { + "roleName": "Domain Services Reader", + "type": "BuiltInRole", + "description": "Can view Azure AD Domain Services and related network configurations", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/deployments/operationstatuses/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Insights/AlertRules/Read", + "Microsoft.Insights/AlertRules/Incidents/Read", + "Microsoft.Insights/Logs/Read", + "Microsoft.Insights/Metrics/read", + "Microsoft.Insights/DiagnosticSettings/read", + "Microsoft.Insights/DiagnosticSettingsCategories/Read", + "Microsoft.AAD/domainServices/*/read", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/virtualNetworks/subnets/read", + "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read", + "Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read", + "Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read", + "Microsoft.Network/azureFirewalls/read", + "Microsoft.Network/ddosProtectionPlans/read", + "Microsoft.Network/loadBalancers/read", + "Microsoft.Network/loadBalancers/*/read", + "Microsoft.Network/natGateways/read", + "Microsoft.Network/networkInterfaces/read", + "Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read", + "Microsoft.Network/networkSecurityGroups/read", + "Microsoft.Network/networkSecurityGroups/securityRules/read", + "Microsoft.Network/routeTables/read", + "Microsoft.Network/routeTables/routes/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-02-15T19:38:46.9043170Z", + "updatedOn": "2022-06-27T19:30:44.3629686Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/361898ef-9ed1-48c2-849c-a832951106bb", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "361898ef-9ed1-48c2-849c-a832951106bb" + }, + { + "properties": { + "roleName": "Domain Services Contributor", + "type": "BuiltInRole", + "description": "Can manage Azure AD Domain Services and related network configurations", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/deployments/delete", + "Microsoft.Resources/deployments/cancel/action", + "Microsoft.Resources/deployments/validate/action", + "Microsoft.Resources/deployments/whatIf/action", + "Microsoft.Resources/deployments/exportTemplate/action", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/deployments/operationstatuses/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Insights/AlertRules/Write", + "Microsoft.Insights/AlertRules/Delete", + "Microsoft.Insights/AlertRules/Read", + "Microsoft.Insights/AlertRules/Activated/Action", + "Microsoft.Insights/AlertRules/Resolved/Action", + "Microsoft.Insights/AlertRules/Throttled/Action", + "Microsoft.Insights/AlertRules/Incidents/Read", + "Microsoft.Insights/Logs/Read", + "Microsoft.Insights/Metrics/Read", + "Microsoft.Insights/DiagnosticSettings/*", + "Microsoft.Insights/DiagnosticSettingsCategories/Read", + "Microsoft.AAD/register/action", + "Microsoft.AAD/unregister/action", + "Microsoft.AAD/domainServices/*", + "Microsoft.Network/register/action", + "Microsoft.Network/unregister/action", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/virtualNetworks/write", + "Microsoft.Network/virtualNetworks/delete", + "Microsoft.Network/virtualNetworks/peer/action", + "Microsoft.Network/virtualNetworks/join/action", + "Microsoft.Network/virtualNetworks/subnets/read", + "Microsoft.Network/virtualNetworks/subnets/write", + "Microsoft.Network/virtualNetworks/subnets/delete", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read", + "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write", + "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete", + "Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read", + "Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read", + "Microsoft.Network/azureFirewalls/read", + "Microsoft.Network/ddosProtectionPlans/read", + "Microsoft.Network/ddosProtectionPlans/join/action", + "Microsoft.Network/loadBalancers/read", + "Microsoft.Network/loadBalancers/delete", + "Microsoft.Network/loadBalancers/*/read", + "Microsoft.Network/loadBalancers/backendAddressPools/join/action", + "Microsoft.Network/loadBalancers/inboundNatRules/join/action", + "Microsoft.Network/natGateways/join/action", + "Microsoft.Network/networkInterfaces/read", + "Microsoft.Network/networkInterfaces/write", + "Microsoft.Network/networkInterfaces/delete", + "Microsoft.Network/networkInterfaces/join/action", + "Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read", + "Microsoft.Network/networkSecurityGroups/read", + "Microsoft.Network/networkSecurityGroups/write", + "Microsoft.Network/networkSecurityGroups/delete", + "Microsoft.Network/networkSecurityGroups/join/action", + "Microsoft.Network/networkSecurityGroups/securityRules/read", + "Microsoft.Network/networkSecurityGroups/securityRules/write", + "Microsoft.Network/networkSecurityGroups/securityRules/delete", + "Microsoft.Network/routeTables/read", + "Microsoft.Network/routeTables/write", + "Microsoft.Network/routeTables/delete", + "Microsoft.Network/routeTables/join/action", + "Microsoft.Network/routeTables/routes/read", + "Microsoft.Network/routeTables/routes/write", + "Microsoft.Network/routeTables/routes/delete" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-02-15T19:40:22.3943189Z", + "updatedOn": "2022-06-27T19:30:44.3629686Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/eeaeda52-9324-47f6-8069-5d5bade478b2", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "eeaeda52-9324-47f6-8069-5d5bade478b2" + }, + { + "properties": { + "roleName": "DNS Resolver Contributor", + "type": "BuiltInRole", + "description": "Lets you manage DNS resolver resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Network/dnsResolvers/read", + "Microsoft.Network/dnsResolvers/write", + "Microsoft.Network/dnsResolvers/delete", + "Microsoft.Network/dnsResolvers/join/action", + "Microsoft.Network/dnsResolvers/inboundEndpoints/read", + "Microsoft.Network/dnsResolvers/inboundEndpoints/write", + "Microsoft.Network/dnsResolvers/inboundEndpoints/delete", + "Microsoft.Network/dnsResolvers/inboundEndpoints/join/action", + "Microsoft.Network/dnsResolvers/outboundEndpoints/read", + "Microsoft.Network/dnsResolvers/outboundEndpoints/write", + "Microsoft.Network/dnsResolvers/outboundEndpoints/delete", + "Microsoft.Network/dnsResolvers/outboundEndpoints/join/action", + "Microsoft.Network/dnsForwardingRulesets/read", + "Microsoft.Network/dnsForwardingRulesets/write", + "Microsoft.Network/dnsForwardingRulesets/delete", + "Microsoft.Network/dnsForwardingRulesets/join/action", + "Microsoft.Network/dnsForwardingRulesets/forwardingRules/read", + "Microsoft.Network/dnsForwardingRulesets/forwardingRules/write", + "Microsoft.Network/dnsForwardingRulesets/forwardingRules/delete", + "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks/read", + "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks/write", + "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks/delete", + "Microsoft.Network/locations/dnsResolverOperationResults/read", + "Microsoft.Network/locations/dnsResolverOperationStatuses/read", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/virtualNetworks/join/action", + "Microsoft.Network/virtualNetworks/subnets/read", + "Microsoft.Network/virtualNetworks/subnets/write", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/virtualNetworks/join/action", + "Microsoft.Network/virtualNetworks/joinLoadBalancer/action", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action", + "Microsoft.Network/natGateways/join/action", + "Microsoft.Network/networkSecurityGroups/join/action", + "Microsoft.Network/routeTables/join/action", + "Microsoft.Network/serviceEndpointPolicies/join/action", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-02-16T23:25:04.4308795Z", + "updatedOn": "2022-03-12T03:10:56.0891783Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d" + }, + { + "properties": { + "roleName": "Azure Arc Enabled Kubernetes Cluster User Role", + "type": "BuiltInRole", + "description": "List cluster user credentials action.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Kubernetes/connectedClusters/listClusterUserCredentials/action", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Support/*", + "Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2020-07-28T17:37:00.7637445Z", + "updatedOn": "2022-02-17T02:29:05.1000798Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/00493d72-78f6-4148-b6c5-d3ce8e4799dd", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "00493d72-78f6-4148-b6c5-d3ce8e4799dd" + }, + { + "properties": { + "roleName": "Data Operator for Managed Disks", + "type": "BuiltInRole", + "description": "Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Compute/disks/download/action", + "Microsoft.Compute/disks/upload/action", + "Microsoft.Compute/snapshots/download/action", + "Microsoft.Compute/snapshots/upload/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-03-01T07:44:08.5420759Z", + "updatedOn": "2022-03-01T07:44:08.5420759Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/959f8984-c045-4866-89c7-12bf9737be2e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "959f8984-c045-4866-89c7-12bf9737be2e" + }, + { + "properties": { + "roleName": "AgFood Platform Sensor Partner Contributor", + "type": "BuiltInRole", + "description": "Provides contribute access to manage sensor related entities in AgFood Platform Service", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AgFoodPlatform/farmBeats/sensorPartnerScope/*" + ], + "notDataActions": [ + "Microsoft.AgFoodPlatform/farmBeats/sensorPartnerScope/sensors/delete" + ] + } + ], + "createdOn": "2022-03-09T11:06:02.2546966Z", + "updatedOn": "2022-10-27T09:36:05.2105861Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/6b77f0a0-0d89-41cc-acd1-579c22c17a67", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "6b77f0a0-0d89-41cc-acd1-579c22c17a67" + }, + { + "properties": { + "roleName": "Compute Gallery Sharing Admin", + "type": "BuiltInRole", + "description": "This role allows user to share gallery to another subscription/tenant or share it to the public.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Compute/galleries/share/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-03-10T06:37:39.5861946Z", + "updatedOn": "2022-03-26T02:42:25.9674154Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/1ef6a3be-d0ac-425d-8c01-acb62866290b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "1ef6a3be-d0ac-425d-8c01-acb62866290b" + }, + { + "properties": { + "roleName": "Scheduled Patching Contributor", + "type": "BuiltInRole", + "description": "Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Maintenance/maintenanceConfigurations/read", + "Microsoft.Maintenance/maintenanceConfigurations/write", + "Microsoft.Maintenance/maintenanceConfigurations/delete", + "Microsoft.Maintenance/configurationAssignments/read", + "Microsoft.Maintenance/configurationAssignments/write", + "Microsoft.Maintenance/configurationAssignments/delete", + "Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read", + "Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write", + "Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete", + "Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read", + "Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write", + "Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-03-21T16:36:03.6770776Z", + "updatedOn": "2022-04-13T14:13:00.6215441Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/cd08ab90-6b14-449c-ad9a-8f8e549482c6", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "cd08ab90-6b14-449c-ad9a-8f8e549482c6" + }, + { + "properties": { + "roleName": "DevCenter Dev Box User", + "type": "BuiltInRole", + "description": "Provides access to create and manage dev boxes.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DevCenter/projects/read", + "Microsoft.DevCenter/projects/*/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.DevCenter/projects/users/devboxes/userStop/action", + "Microsoft.DevCenter/projects/users/devboxes/userStart/action", + "Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action", + "Microsoft.DevCenter/projects/users/devboxes/userRead/action", + "Microsoft.DevCenter/projects/users/devboxes/userWrite/action", + "Microsoft.DevCenter/projects/users/devboxes/userDelete/action", + "Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionRead/action", + "Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionManage/action", + "Microsoft.DevCenter/projects/users/devboxes/userActionRead/action", + "Microsoft.DevCenter/projects/users/devboxes/userActionManage/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-04-01T00:43:09.4468117Z", + "updatedOn": "2023-03-27T15:08:57.7138542Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/45d50f46-0b78-4001-a660-4198cbe8cd05", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "45d50f46-0b78-4001-a660-4198cbe8cd05" + }, + { + "properties": { + "roleName": "DevCenter Project Admin", + "type": "BuiltInRole", + "description": "Provides access to manage project resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DevCenter/projects/*", + "Microsoft.Fidalgo/projects/*", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [ + "Microsoft.DevCenter/projects/write", + "Microsoft.DevCenter/projects/delete", + "Microsoft.Fidalgo/projects/write", + "Microsoft.Fidalgo/projects/delete" + ], + "dataActions": [ + "Microsoft.DevCenter/projects/users/devboxes/adminStart/action", + "Microsoft.DevCenter/projects/users/devboxes/adminStop/action", + "Microsoft.DevCenter/projects/users/devboxes/adminRead/action", + "Microsoft.DevCenter/projects/users/devboxes/adminWrite/action", + "Microsoft.DevCenter/projects/users/devboxes/adminDelete/action", + "Microsoft.DevCenter/projects/users/devboxes/userStop/action", + "Microsoft.DevCenter/projects/users/devboxes/userStart/action", + "Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action", + "Microsoft.DevCenter/projects/users/devboxes/userRead/action", + "Microsoft.DevCenter/projects/users/devboxes/userWrite/action", + "Microsoft.DevCenter/projects/users/devboxes/userDelete/action", + "Microsoft.DevCenter/projects/users/environments/adminRead/action", + "Microsoft.DevCenter/projects/users/environments/userWrite/action", + "Microsoft.DevCenter/projects/users/environments/userDelete/action", + "Microsoft.DevCenter/projects/users/environments/adminDelete/action", + "Microsoft.DevCenter/projects/users/environments/adminAction/action", + "Microsoft.Fidalgo/projects/users/virtualMachines/adminStart/action", + "Microsoft.Fidalgo/projects/users/virtualMachines/adminStop/action", + "Microsoft.Fidalgo/projects/users/virtualMachines/adminRead/action", + "Microsoft.Fidalgo/projects/users/virtualMachines/adminWrite/action", + "Microsoft.Fidalgo/projects/users/virtualMachines/adminDelete/action", + "Microsoft.Fidalgo/projects/users/virtualMachines/userStop/action", + "Microsoft.Fidalgo/projects/users/virtualMachines/userStart/action", + "Microsoft.Fidalgo/projects/users/virtualMachines/userGetRdpFileContent/action", + "Microsoft.Fidalgo/projects/users/virtualMachines/userRead/action", + "Microsoft.Fidalgo/projects/users/virtualMachines/userWrite/action", + "Microsoft.Fidalgo/projects/users/virtualMachines/userDelete/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-04-01T01:58:38.0472365Z", + "updatedOn": "2022-10-12T12:04:35.1154575Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/331c37c6-af14-46d9-b9f4-e1909e1b95a0", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "331c37c6-af14-46d9-b9f4-e1909e1b95a0" + }, + { + "properties": { + "roleName": "Virtual Machine Local User Login", + "type": "BuiltInRole", + "description": "View Virtual Machines in the portal and login as a local user configured on the arc server", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.HybridCompute/machines/*/read", + "Microsoft.HybridConnectivity/endpoints/listCredentials/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-04-07T06:13:18.8975022Z", + "updatedOn": "2022-04-17T01:05:14.2345428Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/602da2ba-a5c2-41da-b01d-5360126ab525", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "602da2ba-a5c2-41da-b01d-5360126ab525" + }, + { + "properties": { + "roleName": "Azure Arc ScVmm Private Cloud User", + "type": "BuiltInRole", + "description": "Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Insights/AlertRules/Write", + "Microsoft.Insights/AlertRules/Delete", + "Microsoft.Insights/AlertRules/Read", + "Microsoft.Insights/AlertRules/Activated/Action", + "Microsoft.Insights/AlertRules/Resolved/Action", + "Microsoft.Insights/AlertRules/Throttled/Action", + "Microsoft.Insights/AlertRules/Incidents/Read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/deployments/delete", + "Microsoft.Resources/deployments/cancel/action", + "Microsoft.Resources/deployments/validate/action", + "Microsoft.Resources/deployments/whatIf/action", + "Microsoft.Resources/deployments/exportTemplate/action", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/deployments/operationstatuses/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/write", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "microsoft.scvmm/virtualnetworks/join/action", + "microsoft.scvmm/virtualnetworks/Read", + "microsoft.scvmm/virtualmachinetemplates/clone/action", + "microsoft.scvmm/virtualmachinetemplates/Read", + "microsoft.scvmm/clouds/deploy/action", + "microsoft.scvmm/clouds/Read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-04-13T23:34:21.1716375Z", + "updatedOn": "2022-05-06T02:42:26.5137351Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c0781e91-8102-4553-8951-97c6d4243cda", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c0781e91-8102-4553-8951-97c6d4243cda" + }, + { + "properties": { + "roleName": "Azure Arc ScVmm VM Contributor", + "type": "BuiltInRole", + "description": "Arc ScVmm VM Contributor has permissions to perform all VM actions.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "microsoft.scvmm/virtualmachines/*", + "Microsoft.Insights/AlertRules/Write", + "Microsoft.Insights/AlertRules/Delete", + "Microsoft.Insights/AlertRules/Read", + "Microsoft.Insights/AlertRules/Activated/Action", + "Microsoft.Insights/AlertRules/Resolved/Action", + "Microsoft.Insights/AlertRules/Throttled/Action", + "Microsoft.Insights/AlertRules/Incidents/Read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/deployments/delete", + "Microsoft.Resources/deployments/cancel/action", + "Microsoft.Resources/deployments/validate/action", + "Microsoft.Resources/deployments/whatIf/action", + "Microsoft.Resources/deployments/exportTemplate/action", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/deployments/operationstatuses/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/write", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/subscriptions/operationresults/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-04-13T23:34:21.1716375Z", + "updatedOn": "2022-05-06T02:42:26.5137351Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e582369a-e17b-42a5-b10c-874c387c530b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e582369a-e17b-42a5-b10c-874c387c530b" + }, + { + "properties": { + "roleName": "Azure Arc ScVmm Private Clouds Onboarding", + "type": "BuiltInRole", + "description": "Azure Arc ScVmm Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vmm server instances to Azure.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "microsoft.scvmm/vmmservers/Read", + "microsoft.scvmm/vmmservers/Write", + "microsoft.scvmm/vmmservers/Delete", + "Microsoft.Insights/AlertRules/Write", + "Microsoft.Insights/AlertRules/Delete", + "Microsoft.Insights/AlertRules/Read", + "Microsoft.Insights/AlertRules/Activated/Action", + "Microsoft.Insights/AlertRules/Resolved/Action", + "Microsoft.Insights/AlertRules/Throttled/Action", + "Microsoft.Insights/AlertRules/Incidents/Read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/deployments/delete", + "Microsoft.Resources/deployments/cancel/action", + "Microsoft.Resources/deployments/validate/action", + "Microsoft.Resources/deployments/whatIf/action", + "Microsoft.Resources/deployments/exportTemplate/action", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/deployments/operationstatuses/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/write", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/subscriptions/operationresults/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-04-13T23:34:21.1716375Z", + "updatedOn": "2022-05-06T02:42:26.5137351Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9" + }, + { + "properties": { + "roleName": "Azure Arc ScVmm Administrator role", + "type": "BuiltInRole", + "description": "Arc ScVmm VM Administrator has permissions to perform all ScVmm actions.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ScVmm/*", + "Microsoft.Insights/AlertRules/Write", + "Microsoft.Insights/AlertRules/Delete", + "Microsoft.Insights/AlertRules/Read", + "Microsoft.Insights/AlertRules/Activated/Action", + "Microsoft.Insights/AlertRules/Resolved/Action", + "Microsoft.Insights/AlertRules/Throttled/Action", + "Microsoft.Insights/AlertRules/Incidents/Read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/deployments/delete", + "Microsoft.Resources/deployments/cancel/action", + "Microsoft.Resources/deployments/validate/action", + "Microsoft.Resources/deployments/whatIf/action", + "Microsoft.Resources/deployments/exportTemplate/action", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/deployments/operationstatuses/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/write", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/subscriptions/operationresults/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-04-13T23:34:24.1295963Z", + "updatedOn": "2022-05-06T02:42:26.5137351Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a92dfd61-77f9-4aec-a531-19858b406c87", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a92dfd61-77f9-4aec-a531-19858b406c87" + }, + { + "properties": { + "roleName": "FHIR Data Importer", + "type": "BuiltInRole", + "description": "Role allows user or principal to read and import FHIR Data", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.HealthcareApis/workspaces/fhirservices/resources/read", + "Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-04-19T14:05:02.2341374Z", + "updatedOn": "2022-04-21T15:21:45.3114429Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4465e953-8ced-4406-a58e-0f6e3f3b530b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4465e953-8ced-4406-a58e-0f6e3f3b530b" + }, + { + "properties": { + "roleName": "API Management Developer Portal Content Editor", + "type": "BuiltInRole", + "description": "Can customize the developer portal, edit its content, and publish it.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ApiManagement/service/portalRevisions/read", + "Microsoft.ApiManagement/service/portalRevisions/write", + "Microsoft.ApiManagement/service/contentTypes/read", + "Microsoft.ApiManagement/service/contentTypes/delete", + "Microsoft.ApiManagement/service/contentTypes/write", + "Microsoft.ApiManagement/service/contentTypes/contentItems/read", + "Microsoft.ApiManagement/service/contentTypes/contentItems/write", + "Microsoft.ApiManagement/service/contentTypes/contentItems/delete" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-05-06T23:48:52.0904132Z", + "updatedOn": "2022-05-11T03:49:58.0615604Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c031e6a8-4391-4de0-8d69-4706a7ed3729", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c031e6a8-4391-4de0-8d69-4706a7ed3729" + }, + { + "properties": { + "roleName": "VM Scanner Operator", + "type": "BuiltInRole", + "description": "Role that provides access to disk snapshot for security analysis.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Compute/disks/read", + "Microsoft.Compute/disks/beginGetAccess/action", + "Microsoft.Compute/virtualMachines/instanceView/read", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachineScaleSets/instanceView/read", + "Microsoft.Compute/virtualMachineScaleSets/read", + "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read", + "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-05-15T22:07:11.4824101Z", + "updatedOn": "2022-06-07T21:49:06.7541695Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d24ecba3-c1f4-40fa-a7bb-4588a071e8fd", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d24ecba3-c1f4-40fa-a7bb-4588a071e8fd" + }, + { + "properties": { + "roleName": "Elastic SAN Owner", + "type": "BuiltInRole", + "description": "Allows for full access to all resources under Azure Elastic SAN including changing network security policies to unblock data path access", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ElasticSan/elasticSans/*", + "Microsoft.ElasticSan/locations/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-05-26T14:43:05.0517355Z", + "updatedOn": "2022-08-23T19:38:11.0709750Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/80dcbedb-47ef-405d-95bd-188a1b4ac406", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "80dcbedb-47ef-405d-95bd-188a1b4ac406" + }, + { + "properties": { + "roleName": "Elastic SAN Reader", + "type": "BuiltInRole", + "description": "Allows for control path read access to Azure Elastic SAN", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ElasticSan/elasticSans/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-06-01T09:07:18.1020550Z", + "updatedOn": "2022-08-23T19:38:11.0709750Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/af6a70f8-3c9f-4105-acf1-d719e9fca4ca", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "af6a70f8-3c9f-4105-acf1-d719e9fca4ca" + }, + { + "properties": { + "roleName": "Desktop Virtualization Power On Contributor", + "type": "BuiltInRole", + "description": "This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to start virtual machines.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Compute/virtualMachines/start/action", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/instanceView/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-06-29T03:46:13.8314771Z", + "updatedOn": "2022-07-18T19:14:08.5695548Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/489581de-a3bd-480d-9518-53dea7416b33", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "489581de-a3bd-480d-9518-53dea7416b33" + }, + { + "properties": { + "roleName": "Desktop Virtualization Virtual Machine Contributor", + "type": "BuiltInRole", + "description": "This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DesktopVirtualization/hostpools/read", + "Microsoft.DesktopVirtualization/hostpools/write", + "Microsoft.DesktopVirtualization/hostpools/retrieveRegistrationToken/action", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/read", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/write", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/delete", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/read", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/disconnect/action", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/sendMessage/action", + "Microsoft.DesktopVirtualization/hostpools/sessionHostConfigurations/read", + "Microsoft.Compute/availabilitySets/read", + "Microsoft.Compute/availabilitySets/write", + "Microsoft.Compute/availabilitySets/vmSizes/read", + "Microsoft.Compute/disks/read", + "Microsoft.Compute/disks/write", + "Microsoft.Compute/disks/delete", + "Microsoft.Compute/galleries/read", + "Microsoft.Compute/galleries/images/read", + "Microsoft.Compute/galleries/images/versions/read", + "Microsoft.Compute/images/read", + "Microsoft.Compute/locations/usages/read", + "Microsoft.Compute/locations/vmSizes/read", + "Microsoft.Compute/operations/read", + "Microsoft.Compute/skus/read", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write", + "Microsoft.Compute/virtualMachines/delete", + "Microsoft.Compute/virtualMachines/start/action", + "Microsoft.Compute/virtualMachines/powerOff/action", + "Microsoft.Compute/virtualMachines/restart/action", + "Microsoft.Compute/virtualMachines/deallocate/action", + "Microsoft.Compute/virtualMachines/runCommand/action", + "Microsoft.Compute/virtualMachines/extensions/read", + "Microsoft.Compute/virtualMachines/extensions/write", + "Microsoft.Compute/virtualMachines/extensions/delete", + "Microsoft.Compute/virtualMachines/runCommands/read", + "Microsoft.Compute/virtualMachines/runCommands/write", + "Microsoft.Compute/virtualMachines/vmSizes/read", + "Microsoft.Network/networkSecurityGroups/read", + "Microsoft.Network/networkInterfaces/write", + "Microsoft.Network/networkInterfaces/read", + "Microsoft.Network/networkInterfaces/join/action", + "Microsoft.Network/networkInterfaces/delete", + "Microsoft.Network/virtualNetworks/subnets/read", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements/read", + "Microsoft.KeyVault/vaults/deploy/action", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-06-29T03:46:13.8314771Z", + "updatedOn": "2022-07-18T19:14:08.5695548Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a959dbd1-f747-45e3-8ba6-dd80f235f97c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a959dbd1-f747-45e3-8ba6-dd80f235f97c" + }, + { + "properties": { + "roleName": "Desktop Virtualization Power On Off Contributor", + "type": "BuiltInRole", + "description": "This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Compute/virtualMachines/start/action", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/instanceView/read", + "Microsoft.Compute/virtualMachines/deallocate/action", + "Microsoft.Compute/virtualMachines/restart/action", + "Microsoft.Compute/virtualMachines/powerOff/action", + "Microsoft.Insights/eventtypes/values/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.DesktopVirtualization/hostpools/read", + "Microsoft.DesktopVirtualization/hostpools/write", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/read", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/write", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/delete", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/read", + "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/sendMessage/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-06-29T03:46:13.8314771Z", + "updatedOn": "2022-07-18T19:14:08.5695548Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/40c5ff49-9181-41f8-ae61-143b0e78555e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "40c5ff49-9181-41f8-ae61-143b0e78555e" + }, + { + "properties": { + "roleName": "Access Review Operator Service Role", + "type": "BuiltInRole", + "description": "Lets you grant Access Review System app permissions to discover and revoke access as needed by the access review process.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleAssignments/delete", + "Microsoft.Management/getEntities/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-07-04T19:06:39.6698534Z", + "updatedOn": "2022-07-04T19:06:39.6698534Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/76cc9ee4-d5d3-4a45-a930-26add3d73475", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "76cc9ee4-d5d3-4a45-a930-26add3d73475" + }, + { + "properties": { + "roleName": "Elastic SAN Volume Group Owner", + "type": "BuiltInRole", + "description": "Allows for full access to a volume group in Azure Elastic SAN including changing network security policies to unblock data path access", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read", + "Microsoft.ElasticSan/elasticSans/volumeGroups/*", + "Microsoft.ElasticSan/locations/asyncoperations/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-07-04T19:06:39.6698534Z", + "updatedOn": "2022-08-23T19:38:11.0709750Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a8281131-f312-4f34-8d98-ae12be9f0d23", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a8281131-f312-4f34-8d98-ae12be9f0d23" + }, + { + "properties": { + "roleName": "Code Signing Identity Verifier", + "type": "BuiltInRole", + "description": "Manage identity or business verification requests. This role is in preview and subject to change.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CodeSigning/*/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CodeSigning/IdentityVerification/Read", + "Microsoft.CodeSigning/IdentityVerification/Write" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-07-29T09:38:19.4833637Z", + "updatedOn": "2022-11-02T09:28:49.2895511Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4339b7cf-9826-4e41-b4ed-c7f4505dac08", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4339b7cf-9826-4e41-b4ed-c7f4505dac08" + }, + { + "properties": { + "roleName": "Video Indexer Restricted Viewer", + "type": "BuiltInRole", + "description": "Has access to view and search through all video\u0027s insights and transcription in the Video Indexer portal. No access to model customization, embedding of widget, downloading videos, or sharing the account.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.VideoIndexer/*/read", + "Microsoft.VideoIndexer/accounts/*/action" + ], + "notActions": [ + "Microsoft.VideoIndexer/*/write", + "Microsoft.VideoIndexer/*/delete", + "Microsoft.VideoIndexer/accounts/generateAccessToken/action" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-08-09T22:16:43.1549850Z", + "updatedOn": "2022-08-09T22:16:43.1549850Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a2c4a527-7dc0-4ee3-897b-403ade70fafb", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a2c4a527-7dc0-4ee3-897b-403ade70fafb" + }, + { + "properties": { + "roleName": "Monitoring Data Reader", + "type": "BuiltInRole", + "description": "Can access the data in an Azure Monitor Workspace.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Monitor/accounts/data/metrics/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-08-22T17:29:10.2888534Z", + "updatedOn": "2022-10-07T22:54:50.7208650Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b0d8363b-8ddd-447d-831f-62ca05bff136", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b0d8363b-8ddd-447d-831f-62ca05bff136" + }, + { + "properties": { + "roleName": "Azure Kubernetes Fleet Manager RBAC Reader", + "type": "BuiltInRole", + "description": "Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ContainerService/fleets/read", + "Microsoft.ContainerService/fleets/listCredentials/action" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ContainerService/fleets/apps/controllerrevisions/read", + "Microsoft.ContainerService/fleets/apps/daemonsets/read", + "Microsoft.ContainerService/fleets/apps/deployments/read", + "Microsoft.ContainerService/fleets/apps/statefulsets/read", + "Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/read", + "Microsoft.ContainerService/fleets/batch/cronjobs/read", + "Microsoft.ContainerService/fleets/batch/jobs/read", + "Microsoft.ContainerService/fleets/configmaps/read", + "Microsoft.ContainerService/fleets/endpoints/read", + "Microsoft.ContainerService/fleets/events.k8s.io/events/read", + "Microsoft.ContainerService/fleets/events/read", + "Microsoft.ContainerService/fleets/extensions/daemonsets/read", + "Microsoft.ContainerService/fleets/extensions/deployments/read", + "Microsoft.ContainerService/fleets/extensions/ingresses/read", + "Microsoft.ContainerService/fleets/extensions/networkpolicies/read", + "Microsoft.ContainerService/fleets/limitranges/read", + "Microsoft.ContainerService/fleets/namespaces/read", + "Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/read", + "Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/read", + "Microsoft.ContainerService/fleets/persistentvolumeclaims/read", + "Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/read", + "Microsoft.ContainerService/fleets/replicationcontrollers/read", + "Microsoft.ContainerService/fleets/replicationcontrollers/read", + "Microsoft.ContainerService/fleets/resourcequotas/read", + "Microsoft.ContainerService/fleets/serviceaccounts/read", + "Microsoft.ContainerService/fleets/services/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-08-22T19:30:13.8996497Z", + "updatedOn": "2022-08-26T22:17:37.9519239Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/30b27cfc-9c84-438e-b0ce-70e35255df80", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "30b27cfc-9c84-438e-b0ce-70e35255df80" + }, + { + "properties": { + "roleName": "Azure Kubernetes Fleet Manager RBAC Cluster Admin", + "type": "BuiltInRole", + "description": "Lets you manage all resources in the fleet manager cluster.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ContainerService/fleets/read", + "Microsoft.ContainerService/fleets/listCredentials/action" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ContainerService/fleets/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-08-22T19:30:13.8996497Z", + "updatedOn": "2022-08-22T19:30:13.8996497Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/18ab4d3d-a1bf-4477-8ad9-8359bc988f69", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "18ab4d3d-a1bf-4477-8ad9-8359bc988f69" + }, + { + "properties": { + "roleName": "Azure Kubernetes Fleet Manager RBAC Admin", + "type": "BuiltInRole", + "description": "This role grants admin access - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ContainerService/fleets/read", + "Microsoft.ContainerService/fleets/listCredentials/action" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ContainerService/fleets/apps/controllerrevisions/read", + "Microsoft.ContainerService/fleets/apps/daemonsets/*", + "Microsoft.ContainerService/fleets/apps/deployments/*", + "Microsoft.ContainerService/fleets/apps/statefulsets/*", + "Microsoft.ContainerService/fleets/authorization.k8s.io/localsubjectaccessreviews/write", + "Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/*", + "Microsoft.ContainerService/fleets/batch/cronjobs/*", + "Microsoft.ContainerService/fleets/batch/jobs/*", + "Microsoft.ContainerService/fleets/configmaps/*", + "Microsoft.ContainerService/fleets/endpoints/*", + "Microsoft.ContainerService/fleets/events.k8s.io/events/read", + "Microsoft.ContainerService/fleets/events/read", + "Microsoft.ContainerService/fleets/extensions/daemonsets/*", + "Microsoft.ContainerService/fleets/extensions/deployments/*", + "Microsoft.ContainerService/fleets/extensions/ingresses/*", + "Microsoft.ContainerService/fleets/extensions/networkpolicies/*", + "Microsoft.ContainerService/fleets/limitranges/read", + "Microsoft.ContainerService/fleets/namespaces/read", + "Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/*", + "Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/*", + "Microsoft.ContainerService/fleets/persistentvolumeclaims/*", + "Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/*", + "Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/rolebindings/*", + "Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/roles/*", + "Microsoft.ContainerService/fleets/replicationcontrollers/*", + "Microsoft.ContainerService/fleets/replicationcontrollers/*", + "Microsoft.ContainerService/fleets/resourcequotas/read", + "Microsoft.ContainerService/fleets/secrets/*", + "Microsoft.ContainerService/fleets/serviceaccounts/*", + "Microsoft.ContainerService/fleets/services/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-08-22T19:30:13.8996497Z", + "updatedOn": "2022-08-26T22:17:37.9519239Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/434fb43a-c01c-447e-9f67-c3ad923cfaba", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "434fb43a-c01c-447e-9f67-c3ad923cfaba" + }, + { + "properties": { + "roleName": "Azure Kubernetes Fleet Manager RBAC Writer", + "type": "BuiltInRole", + "description": "Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ContainerService/fleets/read", + "Microsoft.ContainerService/fleets/listCredentials/action" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ContainerService/fleets/apps/controllerrevisions/read", + "Microsoft.ContainerService/fleets/apps/daemonsets/*", + "Microsoft.ContainerService/fleets/apps/deployments/*", + "Microsoft.ContainerService/fleets/apps/statefulsets/*", + "Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/*", + "Microsoft.ContainerService/fleets/batch/cronjobs/*", + "Microsoft.ContainerService/fleets/batch/jobs/*", + "Microsoft.ContainerService/fleets/configmaps/*", + "Microsoft.ContainerService/fleets/endpoints/*", + "Microsoft.ContainerService/fleets/events.k8s.io/events/read", + "Microsoft.ContainerService/fleets/events/read", + "Microsoft.ContainerService/fleets/extensions/daemonsets/*", + "Microsoft.ContainerService/fleets/extensions/deployments/*", + "Microsoft.ContainerService/fleets/extensions/ingresses/*", + "Microsoft.ContainerService/fleets/extensions/networkpolicies/*", + "Microsoft.ContainerService/fleets/limitranges/read", + "Microsoft.ContainerService/fleets/namespaces/read", + "Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/*", + "Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/*", + "Microsoft.ContainerService/fleets/persistentvolumeclaims/*", + "Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/*", + "Microsoft.ContainerService/fleets/replicationcontrollers/*", + "Microsoft.ContainerService/fleets/replicationcontrollers/*", + "Microsoft.ContainerService/fleets/resourcequotas/read", + "Microsoft.ContainerService/fleets/secrets/*", + "Microsoft.ContainerService/fleets/serviceaccounts/*", + "Microsoft.ContainerService/fleets/services/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-08-22T19:30:13.8996497Z", + "updatedOn": "2022-08-26T22:17:37.9519239Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5af6afb3-c06c-4fa4-8848-71a8aee05683", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5af6afb3-c06c-4fa4-8848-71a8aee05683" + }, + { + "properties": { + "roleName": "Azure Kubernetes Fleet Manager Contributor Role", + "type": "BuiltInRole", + "description": "Grants access to read and write Azure Kubernetes Fleet Manager clusters", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ContainerService/fleets/*", + "Microsoft.Resources/deployments/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-08-22T19:30:13.8996497Z", + "updatedOn": "2022-08-22T19:30:13.8996497Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/63bb64ad-9799-4770-b5c3-24ed299a07bf", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "63bb64ad-9799-4770-b5c3-24ed299a07bf" + }, + { + "properties": { + "roleName": "Kubernetes Namespace User", + "type": "BuiltInRole", + "description": "Allows a user to read namespace resources and retrieve kubeconfig for the cluster", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.KubernetesConfiguration/namespaces/read", + "Microsoft.KubernetesConfiguration/namespaces/listUserCredential/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-08-24T10:06:57.4909513Z", + "updatedOn": "2022-08-24T10:06:57.4909513Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ba79058c-0414-4a34-9e42-c3399d80cd5a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ba79058c-0414-4a34-9e42-c3399d80cd5a" + }, + { + "properties": { + "roleName": "Data Labeling - Labeler", + "type": "BuiltInRole", + "description": "Can label data in Labeling.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.MachineLearningServices/workspaces/read", + "Microsoft.MachineLearningServices/workspaces/experiments/runs/read", + "Microsoft.MachineLearningServices/workspaces/labeling/projects/read", + "Microsoft.MachineLearningServices/workspaces/labeling/projects/summary/read", + "Microsoft.MachineLearningServices/workspaces/labeling/labels/read", + "Microsoft.MachineLearningServices/workspaces/labeling/labels/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-09-02T22:35:46.9532934Z", + "updatedOn": "2022-09-08T23:03:02.1057014Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c6decf44-fd0a-444c-a844-d653c394e7ab", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c6decf44-fd0a-444c-a844-d653c394e7ab" + }, + { + "properties": { + "roleName": "Role Based Access Control Administrator (Preview)", + "type": "BuiltInRole", + "description": "Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to manage access using other ways, such as Azure Policy.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Authorization/roleAssignments/write", + "Microsoft.Authorization/roleAssignments/delete", + "*/read", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-09-07T02:29:29.6592395Z", + "updatedOn": "2022-09-07T02:29:29.6592395Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f58310d9-a9f6-439a-9e8d-f62e7b41a168", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f58310d9-a9f6-439a-9e8d-f62e7b41a168" + }, + { + "properties": { + "roleName": "Template Spec Reader", + "type": "BuiltInRole", + "description": "Allows read access to Template Specs at the assigned scope.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Resources/templateSpecs/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-09-08T01:58:14.2969628Z", + "updatedOn": "2022-09-08T01:58:14.2969628Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/392ae280-861d-42bd-9ea5-08ee6d83b80e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "392ae280-861d-42bd-9ea5-08ee6d83b80e" + }, + { + "properties": { + "roleName": "Template Spec Contributor", + "type": "BuiltInRole", + "description": "Allows full access to Template Spec operations at the assigned scope.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Resources/templateSpecs/*", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-09-08T01:58:14.2969628Z", + "updatedOn": "2022-09-08T01:58:14.2969628Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/1c9b6475-caf0-4164-b5a1-2142a7116f4b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "1c9b6475-caf0-4164-b5a1-2142a7116f4b" + }, + { + "properties": { + "roleName": "Microsoft Sentinel Playbook Operator", + "type": "BuiltInRole", + "description": "Microsoft Sentinel Playbook Operator", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Logic/workflows/read", + "Microsoft.Logic/workflows/triggers/listCallbackUrl/action", + "Microsoft.Web/sites/hostruntime/webhooks/api/workflows/triggers/listCallbackUrl/action", + "Microsoft.Web/sites/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-09-20T19:20:30.6118766Z", + "updatedOn": "2022-12-07T20:30:39.3980234Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/51d6186e-6489-4900-b93f-92e23144cca5", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "51d6186e-6489-4900-b93f-92e23144cca5" + }, + { + "properties": { + "roleName": "Deployment Environments User", + "type": "BuiltInRole", + "description": "Provides access to manage environment resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DevCenter/projects/read", + "Microsoft.DevCenter/projects/*/read", + "Microsoft.Fidalgo/projects/read", + "Microsoft.Fidalgo/projects/*/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Authorization/*/read" + ], + "notActions": [ + "Microsoft.DevCenter/projects/pools/read", + "Microsoft.Fidalgo/projects/pools/read", + "Microsoft.DevCenter/projects/pools/schedules/read" + ], + "dataActions": [ + "Microsoft.DevCenter/projects/users/environments/adminRead/action", + "Microsoft.DevCenter/projects/users/environments/userWrite/action", + "Microsoft.DevCenter/projects/users/environments/userDelete/action", + "Microsoft.DevCenter/projects/users/environments/adminAction/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-09-22T01:04:20.3753915Z", + "updatedOn": "2022-10-12T12:04:35.1467077Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/18e40d4e-8d2e-438d-97e1-9528336e149c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "18e40d4e-8d2e-438d-97e1-9528336e149c" + }, + { + "properties": { + "roleName": "Azure Spring Apps Connect Role", + "type": "BuiltInRole", + "description": "Azure Spring Apps Connect Role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AppPlatform/Spring/apps/deployments/connect/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-09-23T11:08:28.4674830Z", + "updatedOn": "2022-09-23T11:08:28.4674830Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/80558df3-64f9-4c0f-b32d-e5094b036b0b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "80558df3-64f9-4c0f-b32d-e5094b036b0b" + }, + { + "properties": { + "roleName": "Azure Spring Apps Remote Debugging Role", + "type": "BuiltInRole", + "description": "Azure Spring Apps Remote Debugging Role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AppPlatform/Spring/apps/deployments/remotedebugging/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-09-23T11:23:41.7163850Z", + "updatedOn": "2022-09-23T11:23:41.7163850Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a99b0159-1064-4c22-a57b-c9b3caa1c054", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a99b0159-1064-4c22-a57b-c9b3caa1c054" + }, + { + "properties": { + "roleName": "AzureML Registry User", + "type": "BuiltInRole", + "description": "Can perform all actions on Machine Learning Services Registry assets\u00A0as well as get Registry resources.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.MachineLearningServices/registries/read", + "Microsoft.MachineLearningServices/registries/assets/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-09-27T19:16:52.1052938Z", + "updatedOn": "2022-09-27T19:16:52.1052938Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/1823dd4f-9b8c-4ab6-ab4e-7397a3684615", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "1823dd4f-9b8c-4ab6-ab4e-7397a3684615" + }, + { + "properties": { + "roleName": "AzureML Compute Operator", + "type": "BuiltInRole", + "description": "Can access and perform CRUD operations on Machine Learning Services managed compute resources (including Notebook VMs).", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.MachineLearningServices/workspaces/computes/*", + "Microsoft.MachineLearningServices/workspaces/notebooks/vm/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-09-27T19:16:52.1052938Z", + "updatedOn": "2022-09-27T19:16:52.1052938Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/e503ece1-11d0-4e8e-8e2c-7a6c3bf38815", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "e503ece1-11d0-4e8e-8e2c-7a6c3bf38815" + }, + { + "properties": { + "roleName": "Azure Center for SAP solutions reader", + "type": "BuiltInRole", + "description": "This role provides read access to all capabilities of Azure Center for SAP solutions.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Workloads/sapvirtualInstances/*/read", + "Microsoft.Workloads/Locations/*/action", + "Microsoft.Workloads/Operations/read", + "Microsoft.Workloads/Locations/OperationStatuses/read", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/metrics/read", + "Microsoft.Insights/metricDefinitions/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read", + "Microsoft.Network/virtualNetworks/subnets/read", + "Microsoft.Network/virtualNetworks/subnets/virtualMachines/read", + "Microsoft.Network/networkInterfaces/read", + "Microsoft.Network/networkInterfaces/ipconfigurations/read", + "Microsoft.Network/networkInterfaces/loadBalancers/read", + "Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read", + "Microsoft.Network/loadBalancers/read", + "Microsoft.Network/loadBalancers/backendAddressPools/read", + "Microsoft.Network/loadBalancers/frontendIPConfigurations/read", + "Microsoft.Network/loadBalancers/loadBalancingRules/read", + "Microsoft.Network/loadBalancers/inboundNatRules/read", + "Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read", + "Microsoft.Network/loadBalancers/networkInterfaces/read", + "Microsoft.Network/loadBalancers/outboundRules/read", + "Microsoft.Network/loadBalancers/virtualMachines/read", + "Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read", + "Microsoft.Network/privateEndpoints/read", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.Storage/storageAccounts/blobServices/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.Storage/storageAccounts/fileServices/read", + "Microsoft.Storage/storageAccounts/fileServices/shares/read", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/availabilitySets/read", + "Microsoft.Compute/virtualMachines/extensions/read", + "Microsoft.Compute/disks/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-10-03T19:05:48.2297299Z", + "updatedOn": "2023-02-03T07:10:05.8465340Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/05352d14-a920-4328-a0de-4cbe7430e26b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "05352d14-a920-4328-a0de-4cbe7430e26b" + }, + { + "properties": { + "roleName": "Azure Center for SAP solutions service role", + "type": "BuiltInRole", + "description": "Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Resources/subscriptions/resourceGroups/write", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/*", + "Microsoft.Network/loadBalancers/read", + "Microsoft.Network/loadBalancers/write", + "Microsoft.Network/loadBalancers/backendAddressPools/read", + "Microsoft.Network/loadBalancers/backendAddressPools/write", + "Microsoft.Network/loadBalancers/frontendIPConfigurations/read", + "Microsoft.Network/loadBalancers/loadBalancingRules/read", + "Microsoft.Network/loadBalancers/inboundNatRules/read", + "Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read", + "Microsoft.Network/loadBalancers/networkInterfaces/read", + "Microsoft.Network/loadBalancers/outboundRules/read", + "Microsoft.Network/loadBalancers/virtualMachines/read", + "Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read", + "Microsoft.Network/networkInterfaces/read", + "Microsoft.Network/networkInterfaces/write", + "Microsoft.Network/networkInterfaces/ipconfigurations/read", + "Microsoft.Network/networkInterfaces/loadBalancers/read", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read", + "Microsoft.Network/virtualNetworks/subnets/read", + "Microsoft.Network/virtualNetworks/subnets/virtualMachines/read", + "Microsoft.Network/virtualNetworks/virtualMachines/read", + "Microsoft.Network/networkInterfaces/ipconfigurations/join/action", + "Microsoft.Network/privateEndpoints/read", + "Microsoft.Network/privateEndpoints/write", + "Microsoft.Network/networkInterfaces/join/action", + "Microsoft.Network/loadBalancers/backendAddressPools/join/action", + "Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.Storage/storageAccounts/write", + "Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action", + "Microsoft.Storage/storageAccounts/blobServices/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.Storage/storageAccounts/fileServices/read", + "Microsoft.Storage/storageAccounts/fileServices/write", + "Microsoft.Storage/storageAccounts/fileServices/shares/read", + "Microsoft.Storage/storageAccounts/fileServices/shares/write", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write", + "Microsoft.Compute/virtualMachines/instanceView/read", + "Microsoft.Compute/availabilitySets/read", + "Microsoft.Compute/availabilitySets/write", + "Microsoft.Compute/skus/read", + "Microsoft.Compute/sshPublicKeys/read", + "Microsoft.Compute/virtualMachines/extensions/read", + "Microsoft.Compute/virtualMachines/extensions/write", + "Microsoft.Compute/virtualMachines/extensions/delete", + "Microsoft.Compute/disks/read", + "Microsoft.Compute/disks/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-10-03T19:05:48.2297299Z", + "updatedOn": "2023-02-03T07:40:22.4872528Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/aabbc5dd-1af0-458b-a942-81af88f9c138", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "aabbc5dd-1af0-458b-a942-81af88f9c138" + }, + { + "properties": { + "roleName": "Azure Center for SAP solutions administrator", + "type": "BuiltInRole", + "description": "This role provides read and write access to all capabilities of Azure Center for SAP solutions.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Workloads/sapvirtualInstances/*/read", + "Microsoft.Workloads/sapVirtualInstances/*/write", + "Microsoft.Workloads/sapVirtualInstances/*/delete", + "Microsoft.Workloads/Locations/*/action", + "Microsoft.Workloads/Locations/*/read", + "Microsoft.Workloads/sapVirtualInstances/*/start/action", + "Microsoft.Workloads/sapVirtualInstances/*/stop/action", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/metrics/read", + "Microsoft.Insights/metricDefinitions/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Authorization/*/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/resourceGroups/write", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/*", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read", + "Microsoft.Network/virtualNetworks/subnets/read", + "Microsoft.Network/virtualNetworks/subnets/write", + "Microsoft.Network/virtualNetworks/subnets/virtualMachines/read", + "Microsoft.Network/networkInterfaces/read", + "Microsoft.Network/networkInterfaces/ipconfigurations/read", + "Microsoft.Network/networkInterfaces/loadBalancers/read", + "Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read", + "Microsoft.Network/loadBalancers/read", + "Microsoft.Network/loadBalancers/backendAddressPools/read", + "Microsoft.Network/loadBalancers/frontendIPConfigurations/read", + "Microsoft.Network/loadBalancers/loadBalancingRules/read", + "Microsoft.Network/loadBalancers/inboundNatRules/read", + "Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read", + "Microsoft.Network/loadBalancers/networkInterfaces/read", + "Microsoft.Network/loadBalancers/outboundRules/read", + "Microsoft.Network/loadBalancers/virtualMachines/read", + "Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read", + "Microsoft.Network/privateEndpoints/read", + "Microsoft.Network/networkSecurityGroups/join/action", + "Microsoft.Network/routeTables/join/action", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.Storage/storageAccounts/blobServices/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.Storage/storageAccounts/fileServices/read", + "Microsoft.Storage/storageAccounts/fileServices/shares/read", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/availabilitySets/read", + "Microsoft.Compute/sshPublicKeys/read", + "Microsoft.Compute/sshPublicKeys/write", + "Microsoft.Compute/sshPublicKeys/*/generateKeyPair/action", + "Microsoft.Compute/virtualMachines/extensions/read", + "Microsoft.Compute/virtualMachines/extensions/delete", + "Microsoft.Compute/disks/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-10-04T19:16:18.4584328Z", + "updatedOn": "2023-02-06T16:01:22.3881136Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7" + }, + { + "properties": { + "roleName": "Azure Traffic Controller Configuration Manager", + "type": "BuiltInRole", + "description": "Allows access to traffic controller resource. Also allows all confiuration Updates on traffic controller", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ServiceNetworking/trafficControllers/read", + "Microsoft.ServiceNetworking/trafficControllers/write", + "Microsoft.ServiceNetworking/trafficControllers/delete", + "Microsoft.ServiceNetworking/trafficControllers/frontends/read", + "Microsoft.ServiceNetworking/trafficControllers/frontends/write", + "Microsoft.ServiceNetworking/trafficControllers/frontends/delete", + "Microsoft.ServiceNetworking/trafficControllers/associations/read", + "Microsoft.ServiceNetworking/trafficControllers/associations/write", + "Microsoft.ServiceNetworking/trafficControllers/associations/delete", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/write", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read", + "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.ServiceNetworking/trafficControllers/serviceRoutingConfigurations/read", + "Microsoft.ServiceNetworking/trafficControllers/serviceRoutingConfigurations/write", + "Microsoft.ServiceNetworking/trafficControllers/serviceRoutingConfigurations/delete" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-10-06T05:17:45.6989401Z", + "updatedOn": "2022-10-28T04:09:07.9744163Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/fbc52c3f-28ad-4303-a892-8a056630b8f1", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "fbc52c3f-28ad-4303-a892-8a056630b8f1" + }, + { + "properties": { + "roleName": "FHIR SMART User", + "type": "BuiltInRole", + "description": "Role allows user to access FHIR Service according to SMART on FHIR specification", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.HealthcareApis/services/fhir/resources/read", + "Microsoft.HealthcareApis/workspaces/fhirservices/resources/read", + "Microsoft.HealthcareApis/services/fhir/resources/smart/action", + "Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-10-26T19:22:25.1242244Z", + "updatedOn": "2022-12-07T22:32:44.8392379Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/4ba50f17-9666-485c-a643-ff00808643f0", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "4ba50f17-9666-485c-a643-ff00808643f0" + }, + { + "properties": { + "roleName": "Cognitive Services OpenAI Contributor", + "type": "BuiltInRole", + "description": "Full access including the ability to fine-tune, deploy and generate text", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/OpenAI/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-10-27T00:27:28.3913120Z", + "updatedOn": "2022-10-27T00:27:28.3913120Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a001fd3d-188f-4b5d-821b-7da978bf7442", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a001fd3d-188f-4b5d-821b-7da978bf7442" + }, + { + "properties": { + "roleName": "Cognitive Services OpenAI User", + "type": "BuiltInRole", + "description": "Ability to view files, models, deployments. Readers can\u0027t make any changes They can inference", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.CognitiveServices/*/read", + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleDefinitions/read" + ], + "notActions": [], + "dataActions": [ + "Microsoft.CognitiveServices/accounts/OpenAI/*/read", + "Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action", + "Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action", + "Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action", + "Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/write", + "Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action", + "Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action", + "Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action", + "Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action", + "Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/write" + ], + "notDataActions": [] + } + ], + "createdOn": "2022-10-27T00:27:28.3913120Z", + "updatedOn": "2023-04-12T15:20:08.3698284Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/5e0bd9bd-7b93-4f28-af87-19fc36ad61bd", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "5e0bd9bd-7b93-4f28-af87-19fc36ad61bd" + }, + { + "properties": { + "roleName": "Impact Reporter", + "type": "BuiltInRole", + "description": "Allows access to create/report, read and delete impacts", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Impact/WorkloadImpacts/*", + "Microsoft.Impact/ImpactCategories/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-10-28T00:36:17.1232767Z", + "updatedOn": "2022-11-14T18:04:31.5896097Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/36e80216-a7e8-4f42-a7e1-f12c98cbaf8a", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "36e80216-a7e8-4f42-a7e1-f12c98cbaf8a" + }, + { + "properties": { + "roleName": "Impact Reader", + "type": "BuiltInRole", + "description": "Allows read-only access to reported impacts and impact categories", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Impact/WorkloadImpacts/read", + "Microsoft.Impact/ImpactCategories/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-10-28T00:51:29.5105806Z", + "updatedOn": "2022-11-14T18:04:31.5896097Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/68ff5d27-c7f5-4fa9-a21c-785d0df7bd9e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "68ff5d27-c7f5-4fa9-a21c-785d0df7bd9e" + }, + { + "properties": { + "roleName": "ContainerApp Reader", + "type": "BuiltInRole", + "description": "View all containerapp resources, but does not allow you to make any changes.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.App/containerApps/*/read", + "Microsoft.App/containerApps/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-11-14T18:04:30.1574093Z", + "updatedOn": "2023-01-02T18:11:44.7991494Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b" + }, + { + "properties": { + "roleName": "Azure Kubernetes Service Cluster Monitoring User", + "type": "BuiltInRole", + "description": "List cluster monitoring user credential action.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ContainerService/managedClusters/listClusterMonitoringUserCredential/action", + "Microsoft.ContainerService/managedClusters/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-11-14T18:04:30.1574093Z", + "updatedOn": "2023-02-07T16:15:04.0057947Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/1afdec4b-e479-420e-99e7-f82237c7c5e6", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "1afdec4b-e479-420e-99e7-f82237c7c5e6" + }, + { + "properties": { + "roleName": "Azure Connected Machine Resource Manager", + "type": "BuiltInRole", + "description": "Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.HybridConnectivity/endpoints/read", + "Microsoft.HybridConnectivity/endpoints/write", + "Microsoft.HybridCompute/machines/read", + "Microsoft.HybridCompute/machines/write", + "Microsoft.HybridCompute/machines/delete", + "Microsoft.HybridCompute/machines/extensions/read", + "Microsoft.HybridCompute/machines/extensions/write", + "Microsoft.HybridCompute/machines/extensions/delete", + "Microsoft.HybridCompute/*/read", + "Microsoft.HybridCompute/machines/UpgradeExtensions/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-11-15T18:14:23.5051702Z", + "updatedOn": "2022-11-16T02:38:37.5509318Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f5819b54-e033-4d82-ac66-4fec3cbf3f4c", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f5819b54-e033-4d82-ac66-4fec3cbf3f4c" + }, + { + "properties": { + "roleName": "SqlDb Migration Role", + "type": "BuiltInRole", + "description": "Role for SqlDb migration", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Sql/servers/read", + "Microsoft.Sql/servers/write", + "Microsoft.Sql/servers/databases/read", + "Microsoft.Sql/servers/databases/write", + "Microsoft.Sql/servers/databases/delete", + "Microsoft.DataMigration/locations/operationResults/read", + "Microsoft.DataMigration/locations/operationStatuses/read", + "Microsoft.DataMigration/locations/sqlMigrationServiceOperationResults/read", + "Microsoft.DataMigration/databaseMigrations/write", + "Microsoft.DataMigration/databaseMigrations/read", + "Microsoft.DataMigration/databaseMigrations/delete", + "Microsoft.DataMigration/databaseMigrations/cancel/action", + "Microsoft.DataMigration/databaseMigrations/cutover/action", + "Microsoft.DataMigration/sqlMigrationServices/write", + "Microsoft.DataMigration/sqlMigrationServices/delete", + "Microsoft.DataMigration/sqlMigrationServices/read", + "Microsoft.DataMigration/sqlMigrationServices/listAuthKeys/action", + "Microsoft.DataMigration/sqlMigrationServices/regenerateAuthKeys/action", + "Microsoft.DataMigration/sqlMigrationServices/deleteNode/action", + "Microsoft.DataMigration/sqlMigrationServices/listMonitoringData/action", + "Microsoft.DataMigration/sqlMigrationServices/listMigrations/read", + "Microsoft.DataMigration/sqlMigrationServices/MonitoringData/read", + "Microsoft.DataMigration/register/action", + "Microsoft.DataMigration/operations/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2022-12-08T01:05:20.5512514Z", + "updatedOn": "2023-02-21T16:08:29.5359253Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/189207d4-bb67-4208-a635-b06afe8b2c57", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "189207d4-bb67-4208-a635-b06afe8b2c57" + }, + { + "properties": { + "roleName": "Bayer Ag Powered Services GDU Solution", + "type": "BuiltInRole", + "description": "Provide access to GDU Solution by Bayer Ag Powered Services", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AgFoodPlatform/farmBeats/parties/boundaries/read", + "Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insights/*", + "Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insightAttachments/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2023-01-12T12:10:00.3896956Z", + "updatedOn": "2023-03-20T15:10:14.9814064Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/c4bc862a-3b64-4a35-a021-a380c159b042", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "c4bc862a-3b64-4a35-a021-a380c159b042" + }, + { + "properties": { + "roleName": "Bayer Ag Powered Services Imagery Solution", + "type": "BuiltInRole", + "description": "Provide access to Imagery Solution by Bayer Ag Powered Services", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AgFoodPlatform/farmBeats/parties/boundaries/read", + "Microsoft.AgFoodPlatform/farmBeats/parties/boundaries/write", + "Microsoft.AgFoodPlatform/farmBeats/ingestionJobs/satelliteDataIngestionJobs/*", + "Microsoft.AgFoodPlatform/farmBeats/scenes/*", + "Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insights/*", + "Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insightAttachments/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2023-01-12T12:10:00.3896956Z", + "updatedOn": "2023-03-20T15:10:14.9814064Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ef29765d-0d37-4119-a4f8-f9f9902c9588", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ef29765d-0d37-4119-a4f8-f9f9902c9588" + }, + { + "properties": { + "roleName": "Azure Center for SAP solutions Service role for management", + "type": "BuiltInRole", + "description": "This role has permissions that the user assigned managed identity must have to enable registration for the existing systems.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-01-13T11:09:47.8459997Z", + "updatedOn": "2023-02-03T07:40:22.4872528Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0105a6b0-4bb9-43d2-982a-12806f9faddb", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0105a6b0-4bb9-43d2-982a-12806f9faddb" + }, + { + "properties": { + "roleName": "Azure Center for SAP solutions Management role", + "type": "BuiltInRole", + "description": "This role has permissions which allow users to register existing systems, view and manage systems.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-01-13T11:09:47.8459997Z", + "updatedOn": "2023-02-03T07:40:22.4872528Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/6d949e1d-41e2-46e3-8920-c6e4f31a8310", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "6d949e1d-41e2-46e3-8920-c6e4f31a8310" + }, + { + "properties": { + "roleName": "Kubernetes Agentless Operator", + "type": "BuiltInRole", + "description": "Grants Microsoft Defender for Cloud access to Azure Kubernetes Services", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/write", + "Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/read", + "Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/delete", + "Microsoft.ContainerService/managedClusters/read", + "Microsoft.Features/features/read", + "Microsoft.Features/providers/features/read", + "Microsoft.Features/providers/features/register/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-01-13T15:12:20.5820146Z", + "updatedOn": "2023-04-17T11:01:23.8967132Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d5a2ae44-610b-4500-93be-660a0c5f5ca6", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d5a2ae44-610b-4500-93be-660a0c5f5ca6" + }, + { + "properties": { + "roleName": "Azure Usage Billing Data Sender", + "type": "BuiltInRole", + "description": "Azure Usage Billing shared BuiltIn role to be used for all Customer Account Authentication", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.UsageBilling/accounts/inputs/send/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2023-01-13T22:47:11.6100638Z", + "updatedOn": "2023-01-27T19:26:48.9547723Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/f0310ce6-e953-4cf8-b892-fb1c87eaf7f6", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "f0310ce6-e953-4cf8-b892-fb1c87eaf7f6" + }, + { + "properties": { + "roleName": "SqlMI Migration Role", + "type": "BuiltInRole", + "description": "Role for SqlMI migration", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Sql/managedInstances/read", + "Microsoft.Sql/managedInstances/write", + "Microsoft.Sql/managedInstances/databases/read", + "Microsoft.Sql/managedInstances/databases/write", + "Microsoft.Sql/managedInstances/databases/delete", + "Microsoft.Sql/managedInstances/metrics/read", + "Microsoft.DataMigration/locations/operationResults/read", + "Microsoft.DataMigration/locations/operationStatuses/read", + "Microsoft.DataMigration/locations/sqlMigrationServiceOperationResults/read", + "Microsoft.DataMigration/databaseMigrations/write", + "Microsoft.DataMigration/databaseMigrations/read", + "Microsoft.DataMigration/databaseMigrations/delete", + "Microsoft.DataMigration/databaseMigrations/cancel/action", + "Microsoft.DataMigration/databaseMigrations/cutover/action", + "Microsoft.DataMigration/sqlMigrationServices/write", + "Microsoft.DataMigration/sqlMigrationServices/delete", + "Microsoft.DataMigration/sqlMigrationServices/read", + "Microsoft.DataMigration/sqlMigrationServices/listAuthKeys/action", + "Microsoft.DataMigration/sqlMigrationServices/regenerateAuthKeys/action", + "Microsoft.DataMigration/sqlMigrationServices/deleteNode/action", + "Microsoft.DataMigration/sqlMigrationServices/listMonitoringData/action", + "Microsoft.DataMigration/sqlMigrationServices/listMigrations/read", + "Microsoft.DataMigration/sqlMigrationServices/MonitoringData/read", + "Microsoft.DataMigration/register/action", + "Microsoft.DataMigration/operations/read", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.Storage/storageAccounts/listkeys/action", + "Microsoft.Storage/storageAccounts/blobServices/read", + "Microsoft.Storage/storageAccounts/blobServices/write", + "Microsoft.Storage/storageAccounts/blobServices/containers/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-02-01T16:14:46.1546624Z", + "updatedOn": "2023-02-21T16:08:31.3805596Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/1d335eef-eee1-47fe-a9e0-53214eba8872", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "1d335eef-eee1-47fe-a9e0-53214eba8872" + }, + { + "properties": { + "roleName": "SqlVM Migration Role", + "type": "BuiltInRole", + "description": "Role for SqlVM migration", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DataMigration/locations/operationResults/read", + "Microsoft.DataMigration/locations/operationStatuses/read", + "Microsoft.DataMigration/locations/sqlMigrationServiceOperationResults/read", + "Microsoft.DataMigration/databaseMigrations/write", + "Microsoft.DataMigration/databaseMigrations/read", + "Microsoft.DataMigration/databaseMigrations/delete", + "Microsoft.DataMigration/databaseMigrations/cancel/action", + "Microsoft.DataMigration/databaseMigrations/cutover/action", + "Microsoft.DataMigration/sqlMigrationServices/write", + "Microsoft.DataMigration/sqlMigrationServices/delete", + "Microsoft.DataMigration/sqlMigrationServices/read", + "Microsoft.DataMigration/sqlMigrationServices/listAuthKeys/action", + "Microsoft.DataMigration/sqlMigrationServices/regenerateAuthKeys/action", + "Microsoft.DataMigration/sqlMigrationServices/deleteNode/action", + "Microsoft.DataMigration/sqlMigrationServices/listMonitoringData/action", + "Microsoft.DataMigration/sqlMigrationServices/listMigrations/read", + "Microsoft.DataMigration/sqlMigrationServices/MonitoringData/read", + "Microsoft.DataMigration/register/action", + "Microsoft.DataMigration/operations/read", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.Storage/storageAccounts/listkeys/action", + "Microsoft.Storage/storageAccounts/blobServices/read", + "Microsoft.Storage/storageAccounts/blobServices/write", + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.SqlVirtualMachine/sqlVirtualMachines/read", + "Microsoft.SqlVirtualMachine/sqlVirtualMachines/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-02-01T16:14:48.7360987Z", + "updatedOn": "2023-02-21T16:08:29.7399332Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ae8036db-e102-405b-a1b9-bae082ea436d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ae8036db-e102-405b-a1b9-bae082ea436d" + }, + { + "properties": { + "roleName": "Bayer Ag Powered Services CWUM Solution User Role", + "type": "BuiltInRole", + "description": "Provide access to CWUM Solution by Bayer Ag Powered Services", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.AgFoodPlatform/farmBeats/parties/boundaries/read", + "Microsoft.AgFoodPlatform/farmBeats/parties/boundaries/write", + "Microsoft.AgFoodPlatform/farmBeats/ingestionJobs/satelliteDataIngestionJobs/*", + "Microsoft.AgFoodPlatform/farmBeats/scenes/*", + "Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insights/*" + ], + "notDataActions": [] + } + ], + "createdOn": "2023-02-01T16:14:48.7360987Z", + "updatedOn": "2023-02-27T16:05:38.7305428Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a9b99099-ead7-47db-8fcf-072597a61dfa", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a9b99099-ead7-47db-8fcf-072597a61dfa" + }, + { + "properties": { + "roleName": "Azure Front Door Domain Contributor", + "type": "BuiltInRole", + "description": "Can manage Azure Front Door domains, but can\u0027t grant access to other users.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Cdn/operationresults/profileresults/customdomainresults/read", + "Microsoft.Cdn/profiles/customdomains/read", + "Microsoft.Cdn/profiles/customdomains/write", + "Microsoft.Cdn/profiles/customdomains/delete", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-02-03T15:30:15.5041698Z", + "updatedOn": "2023-02-03T15:30:15.5041698Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0ab34830-df19-4f8c-b84e-aa85b8afa6e8", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0ab34830-df19-4f8c-b84e-aa85b8afa6e8" + }, + { + "properties": { + "roleName": "Azure Front Door Secret Contributor", + "type": "BuiltInRole", + "description": "Can manage Azure Front Door secrets, but can\u0027t grant access to other users.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Cdn/operationresults/profileresults/secretresults/read", + "Microsoft.Cdn/profiles/secrets/read", + "Microsoft.Cdn/profiles/secrets/write", + "Microsoft.Cdn/profiles/secrets/delete", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-02-03T15:30:15.5041698Z", + "updatedOn": "2023-02-03T15:30:15.5041698Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/3f2eb865-5811-4578-b90a-6fc6fa0df8e5", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "3f2eb865-5811-4578-b90a-6fc6fa0df8e5" + }, + { + "properties": { + "roleName": "Azure Front Door Domain Reader", + "type": "BuiltInRole", + "description": "Can view Azure Front Door domains, but can\u0027t make changes.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Cdn/operationresults/profileresults/customdomainresults/read", + "Microsoft.Cdn/profiles/customdomains/read", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-02-03T15:30:15.5041698Z", + "updatedOn": "2023-02-03T15:30:15.5041698Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0f99d363-226e-4dca-9920-b807cf8e1a5f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0f99d363-226e-4dca-9920-b807cf8e1a5f" + }, + { + "properties": { + "roleName": "Azure Front Door Secret Reader", + "type": "BuiltInRole", + "description": "Can view Azure Front Door secrets, but can\u0027t make changes.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Cdn/operationresults/profileresults/secretresults/read", + "Microsoft.Cdn/profiles/secrets/read", + "Microsoft.Resources/subscriptions/resourceGroups/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-02-03T15:30:20.1814931Z", + "updatedOn": "2023-02-03T15:30:20.1814931Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0db238c4-885e-4c4f-a933-aa2cef684fca", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0db238c4-885e-4c4f-a933-aa2cef684fca" + }, + { + "properties": { + "roleName": "MySQL Backup And Export Operator", + "type": "BuiltInRole", + "description": "Grants full access to manage backup and export resources", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DBforMySQL/flexibleServers/validateBackup/action", + "Microsoft.DBforMySQL/flexibleServers/backupAndExport/action", + "Microsoft.DBforMySQL/locations/operationResults/read", + "Microsoft.DBforMySQL/locations/azureAsyncOperation/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-02-06T16:01:22.3871138Z", + "updatedOn": "2023-02-15T16:17:41.2391788Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d18ad5f3-1baf-4119-b49b-d944edb1f9d0", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d18ad5f3-1baf-4119-b49b-d944edb1f9d0" + }, + { + "properties": { + "roleName": "LocalNGFirewallAdministrator role", + "type": "BuiltInRole", + "description": "Allows user to create, modify, describe, or delete NGFirewalls.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "PaloAltoNetworks.Cloudngfw/firewalls/*", + "PaloAltoNetworks.Cloudngfw/localRulestacks/read", + "PaloAltoNetworks.Cloudngfw/globalRulestacks/read", + "PaloAltoNetworks.Cloudngfw/Locations/operationStatuses/read", + "Microsoft.OperationalInsights/workspaces/write", + "Microsoft.OperationalInsights/workspaces/sharedKeys/read", + "Microsoft.OperationalInsights/workspaces/read", + "Microsoft.Authorization/*/read", + "Microsoft.Insights/alertRules/*", + "Microsoft.Insights/metrics/read", + "Microsoft.Insights/metricDefinitions/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Support/*", + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/publicIPAddresses/write", + "Microsoft.Network/publicIPAddresses/read", + "Microsoft.Network/publicIPAddresses/join/action", + "Microsoft.Network/networkVirtualAppliances/read", + "Microsoft.Network/networkVirtualAppliances/write", + "Microsoft.Network/networkVirtualAppliances/delete", + "Microsoft.Network/virtualHubs/read", + "Microsoft.Network/virtualWans/read", + "Microsoft.Network/virtualWans/virtualHubs/read", + "Microsoft.Network/networkSecurityGroups/read", + "Microsoft.Network/networkSecurityGroups/join/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-02-06T16:01:22.3881136Z", + "updatedOn": "2023-03-14T15:28:19.3614218Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2" + }, + { + "properties": { + "roleName": "Azure Stack HCI registration role", + "type": "BuiltInRole", + "description": "Custom Azure role to allow subscription-level access to register Azure Stack HCI", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.AzureStackHCI/register/action", + "Microsoft.AzureStackHCI/Unregister/Action", + "Microsoft.AzureStackHCI/clusters/*", + "Microsoft.HybridCompute/register/action", + "Microsoft.GuestConfiguration/register/action", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/subscriptions/resourceGroups/write", + "Microsoft.Resources/subscriptions/resourceGroups/delete", + "Microsoft.HybridConnectivity/register/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-02-06T16:01:22.3871138Z", + "updatedOn": "2023-03-29T15:16:43.9290392Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/bda0d508-adf1-4af0-9c28-88919fc3ae06", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "bda0d508-adf1-4af0-9c28-88919fc3ae06" + }, + { + "properties": { + "roleName": "LocalRulestacksAdministrator role", + "type": "BuiltInRole", + "description": "Allows users to create, modify, describe, or delete Rulestacks.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "PaloAltoNetworks.Cloudngfw/localRulestacks/*", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Authorization/*/read", + "Microsoft.ResourceHealth/availabilityStatuses/read", + "Microsoft.Resources/deployments/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-02-06T16:01:22.3891153Z", + "updatedOn": "2023-02-21T16:08:31.3805596Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/bfc3b73d-c6ff-45eb-9a5f-40298295bf20", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "bfc3b73d-c6ff-45eb-9a5f-40298295bf20" + }, + { + "properties": { + "roleName": "Azure Extension for SQL Server Deployment", + "type": "BuiltInRole", + "description": "Microsoft.AzureArcData service role to enable deployment of Azure Extension for SQL Server", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Resources/deployments/write", + "Microsoft.HybridCompute/machines/extensions/write" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-03-10T19:24:06.0772059Z", + "updatedOn": "2023-03-16T22:04:26.5984064Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7392c568-9289-4bde-aaaa-b7131215889d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7392c568-9289-4bde-aaaa-b7131215889d" + }, + { + "properties": { + "roleName": "Azure Maps Power BI Service Role", + "type": "BuiltInRole", + "description": "This role can be used to assign read and batch actions on Azure Maps.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Maps/accounts/services/*/read", + "Microsoft.Maps/accounts/services/batch/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2023-03-16T22:04:26.5974054Z", + "updatedOn": "2023-04-04T15:06:26.2837110Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d6470a16-71bd-43ab-86b3-6f3a73f4e787", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d6470a16-71bd-43ab-86b3-6f3a73f4e787" + }, + { + "properties": { + "roleName": "API Management Workspace Reader", + "type": "BuiltInRole", + "description": "Has read-only access to entities in the workspace. This role should be assigned on the workspace scope.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ApiManagement/service/workspaces/*/read", + "Microsoft.Authorization/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-03-22T15:15:20.4542963Z", + "updatedOn": "2023-03-22T15:15:20.4542963Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2" + }, + { + "properties": { + "roleName": "API Management Workspace API Product Manager", + "type": "BuiltInRole", + "description": "Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ApiManagement/service/workspaces/*/read", + "Microsoft.ApiManagement/service/workspaces/products/*", + "Microsoft.ApiManagement/service/workspaces/subscriptions/*", + "Microsoft.ApiManagement/service/workspaces/groups/*", + "Microsoft.ApiManagement/service/workspaces/tags/*", + "Microsoft.ApiManagement/service/workspaces/notifications/*", + "Microsoft.Authorization/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-03-22T15:15:20.4542963Z", + "updatedOn": "2023-03-22T15:15:20.4542963Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/73c2c328-d004-4c5e-938c-35c6f5679a1f", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "73c2c328-d004-4c5e-938c-35c6f5679a1f" + }, + { + "properties": { + "roleName": "API Management Workspace API Developer", + "type": "BuiltInRole", + "description": "Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ApiManagement/service/workspaces/*/read", + "Microsoft.ApiManagement/service/workspaces/apis/*", + "Microsoft.ApiManagement/service/workspaces/apiVersionSets/*", + "Microsoft.ApiManagement/service/workspaces/policies/*", + "Microsoft.ApiManagement/service/workspaces/schemas/*", + "Microsoft.ApiManagement/service/workspaces/products/*", + "Microsoft.ApiManagement/service/workspaces/policyFragments/*", + "Microsoft.ApiManagement/service/workspaces/namedValues/*", + "Microsoft.ApiManagement/service/workspaces/tags/*", + "Microsoft.Authorization/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-03-22T15:15:20.4542963Z", + "updatedOn": "2023-03-22T15:15:20.4542963Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/56328988-075d-4c6a-8766-d93edd6725b6", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "56328988-075d-4c6a-8766-d93edd6725b6" + }, + { + "properties": { + "roleName": "API Management Service Workspace API Product Manager", + "type": "BuiltInRole", + "description": "Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ApiManagement/service/users/read", + "Microsoft.ApiManagement/service/tags/read", + "Microsoft.ApiManagement/service/tags/apiLinks/*", + "Microsoft.ApiManagement/service/tags/operationLinks/*", + "Microsoft.ApiManagement/service/tags/productLinks/*", + "Microsoft.ApiManagement/service/products/read", + "Microsoft.ApiManagement/service/products/apiLinks/*", + "Microsoft.ApiManagement/service/groups/users/*", + "Microsoft.ApiManagement/service/read", + "Microsoft.Authorization/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-03-22T15:15:20.4542963Z", + "updatedOn": "2023-03-22T15:15:20.4542963Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da" + }, + { + "properties": { + "roleName": "API Management Service Workspace API Developer", + "type": "BuiltInRole", + "description": "Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ApiManagement/service/tags/read", + "Microsoft.ApiManagement/service/tags/apiLinks/*", + "Microsoft.ApiManagement/service/tags/operationLinks/*", + "Microsoft.ApiManagement/service/tags/productLinks/*", + "Microsoft.ApiManagement/service/products/read", + "Microsoft.ApiManagement/service/products/apiLinks/*", + "Microsoft.ApiManagement/service/read", + "Microsoft.Authorization/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-03-22T15:15:22.2253607Z", + "updatedOn": "2023-03-22T15:15:22.2253607Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/9565a273-41b9-4368-97d2-aeb0c976a9b3", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "9565a273-41b9-4368-97d2-aeb0c976a9b3" + }, + { + "properties": { + "roleName": "API Management Workspace Contributor", + "type": "BuiltInRole", + "description": "Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.ApiManagement/service/workspaces/*", + "Microsoft.Authorization/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-03-22T15:15:21.2657951Z", + "updatedOn": "2023-03-22T15:15:21.2657951Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0c34c906-8d99-4cb7-8bb7-33f5b0a1a799", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0c34c906-8d99-4cb7-8bb7-33f5b0a1a799" + }, + { + "properties": { + "roleName": "Storage File Data Privileged Reader", + "type": "BuiltInRole", + "description": "Customer has read access on Azure Storage file shares.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read", + "Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2023-03-24T20:36:33.5999978Z", + "updatedOn": "2023-04-07T19:31:54.7331401Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/b8eda974-7b85-4f76-af95-65846b26df6d", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "b8eda974-7b85-4f76-af95-65846b26df6d" + }, + { + "properties": { + "roleName": "Storage File Data Privileged Contributor", + "type": "BuiltInRole", + "description": "Customer has read, write, delete and modify NTFS permission access on Azure Storage file shares.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read", + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write", + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete", + "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action", + "Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action", + "Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action" + ], + "notDataActions": [] + } + ], + "createdOn": "2023-03-24T20:51:46.4662516Z", + "updatedOn": "2023-04-07T19:31:53.4135545Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/69566ab7-960f-475b-8e7c-b3118f30c6bd", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "69566ab7-960f-475b-8e7c-b3118f30c6bd" + }, + { + "properties": { + "roleName": "Windows365NetworkUser", + "type": "BuiltInRole", + "description": "Read the virtual network informations, and join the virtual network to virtual machine in another tenant. This role is used in Windows365 scenarios.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Network/virtualNetworks/read", + "Microsoft.Network/virtualNetworks/subnets/read", + "Microsoft.Network/virtualNetworks/usages/read", + "Microsoft.Network/virtualNetworks/subnets/join/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-03-27T15:08:56.6070697Z", + "updatedOn": "2023-04-18T15:19:34.2924522Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/7eabc9a4-85f7-4f71-b8ab-75daaccc1033", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "7eabc9a4-85f7-4f71-b8ab-75daaccc1033" + }, + { + "properties": { + "roleName": "Windows365NetworkInterfaceContributor", + "type": "BuiltInRole", + "description": "Create NICs and join it to virtual machine in another tenant. This role is used in Windows365 scenarios.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Resources/subscriptions/resourcegroups/read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/deployments/delete", + "Microsoft.Resources/deployments/operations/read", + "Microsoft.Resources/deployments/operationstatuses/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-03-27T15:08:58.3984832Z", + "updatedOn": "2023-03-27T15:08:58.3984832Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/1f135831-5bbe-4924-9016-264044c00788", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "1f135831-5bbe-4924-9016-264044c00788" + }, + { + "properties": { + "roleName": "Windows365SubscriptionReader", + "type": "BuiltInRole", + "description": "Read subscriptions, images, azure firewalls. This role is used in Windows365 scenarios.", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/subscriptions/operationresults/read", + "Microsoft.Authorization/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-03-27T15:08:58.3984832Z", + "updatedOn": "2023-03-27T15:08:58.3984832Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/3d55a8f6-4133-418d-8051-facdb1735758", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "3d55a8f6-4133-418d-8051-facdb1735758" + }, + { + "properties": { + "roleName": "App Compliance Automation Administrator", + "type": "BuiltInRole", + "description": "App Compliance Automation Administrator Role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.AppComplianceAutomation/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-04-14T05:39:53.8680786Z", + "updatedOn": "2023-04-14T05:39:53.8680786Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/0f37683f-2463-46b6-9ce7-9b788b988ba2", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "0f37683f-2463-46b6-9ce7-9b788b988ba2" + }, + { + "properties": { + "roleName": "App Compliance Automation Reader", + "type": "BuiltInRole", + "description": "App Compliance Automation Reader Role", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "actions": [ + "Microsoft.AppComplianceAutomation/*/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "createdOn": "2023-04-14T05:39:53.8670787Z", + "updatedOn": "2023-04-14T05:39:53.8670787Z", + "createdBy": null, + "updatedBy": null + }, + "id": "/subscriptions/azure_subscription_id/providers/Microsoft.Authorization/roleDefinitions/ffc6bbe0-e443-4c3b-bf54-26581bb2f78e", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "ffc6bbe0-e443-4c3b-bf54-26581bb2f78e" + } + ] + } + } + ], + "Variables": {} +} diff --git a/sdk/authorization/arm-authorization/test/authorization_operations_test.spec.ts b/sdk/authorization/arm-authorization/test/authorization_operations_test.spec.ts new file mode 100644 index 000000000000..e179e42c1c0e --- /dev/null +++ b/sdk/authorization/arm-authorization/test/authorization_operations_test.spec.ts @@ -0,0 +1,95 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + env, + Recorder, + RecorderStartOptions, + delay, + isPlaybackMode, +} from "@azure-tools/test-recorder"; +import { createTestCredential } from "@azure-tools/test-credential"; +import { assert } from "chai"; +import { Context } from "mocha"; +import { AuthorizationManagementClient } from "../src/authorizationManagementClient"; + +const replaceableVariables: Record = { + AZURE_CLIENT_ID: "azure_client_id", + AZURE_CLIENT_SECRET: "azure_client_secret", + AZURE_TENANT_ID: "88888888-8888-8888-8888-888888888888", + SUBSCRIPTION_ID: "azure_subscription_id" +}; + +const recorderOptions: RecorderStartOptions = { + envSetupForPlayback: replaceableVariables +}; + +export const testPollingOptions = { + updateIntervalInMs: isPlaybackMode() ? 0 : undefined, +}; + +describe("Authorization test", () => { + let recorder: Recorder; + let subscriptionId: string; + let client: AuthorizationManagementClient; + let location: string; + let resourceGroup: string; + let resourcename: string; + let roleDefinitionId: string; + let scope: string; + + beforeEach(async function (this: Context) { + recorder = new Recorder(this.currentTest); + await recorder.start(recorderOptions); + subscriptionId = env.SUBSCRIPTION_ID || ''; + // This is an example of how the environment variables are used + const credential = createTestCredential(); + client = new AuthorizationManagementClient(credential, subscriptionId, recorder.configureClientOptions({})); + location = "eastus"; + resourceGroup = "myjstest"; + resourcename = "resourcetest"; + roleDefinitionId = "roleDefinitionId"; + scope = "subscriptions/" + subscriptionId + "/resourcegroups/" + resourceGroup; + }); + + afterEach(async function () { + await recorder.stop(); + }); + + it("roleDefinitions create test", async function () { + const res = await client.roleDefinitions.createOrUpdate( + scope, + roleDefinitionId, + {} + ); + assert.equal(res.name, resourcename); + }); + + it("roleDefinitions get test", async function () { + const res = await client.roleDefinitions.get(scope, roleDefinitionId); + assert.equal(res.name, resourcename); + }); + + it.only("roleDefinitions list test", async function () { + const resArray = new Array(); + for await (let item of client.roleDefinitions.list(scope)) { + resArray.push(item); + } + assert.notEqual(resArray.length, 0); + }); + + it("roleDefinitions delete test", async function () { + const resArray = new Array(); + const res = await client.roleDefinitions.delete(scope, resourcename + ) + for await (let item of client.roleDefinitions.list(scope)) { + resArray.push(item); + } + assert.equal(resArray.length, 0); + }); +}) diff --git a/sdk/authorization/arm-authorization/test/sampleTest.ts b/sdk/authorization/arm-authorization/test/sampleTest.ts deleted file mode 100644 index 25aeb3ebcc36..000000000000 --- a/sdk/authorization/arm-authorization/test/sampleTest.ts +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - Recorder, - RecorderStartOptions, - env -} from "@azure-tools/test-recorder"; -import { assert } from "chai"; -import { Context } from "mocha"; - -const replaceableVariables: Record = { - AZURE_CLIENT_ID: "azure_client_id", - AZURE_CLIENT_SECRET: "azure_client_secret", - AZURE_TENANT_ID: "88888888-8888-8888-8888-888888888888", - SUBSCRIPTION_ID: "azure_subscription_id" -}; - -const recorderOptions: RecorderStartOptions = { - envSetupForPlayback: replaceableVariables -}; - -describe("My test", () => { - let recorder: Recorder; - - beforeEach(async function(this: Context) { - recorder = new Recorder(this.currentTest); - await recorder.start(recorderOptions); - }); - - afterEach(async function() { - await recorder.stop(); - }); - - it("sample test", async function() { - console.log("Hi, I'm a test!"); - }); -});