Back to Operation

Microsoft Discovery Platform Contributor (Preview)

Azure Built-in Role

Role Information

Details and metadata

Role ID
01288891-85ee-45a7-b367-9db3b752fc65
Type
BuiltInRole
Last Updated (Azure)
2025-07-17 15:20:10

Change History

Track all modifications to this role

2025-07-17 15:20:10 Initial Scan
View details 
{
  "properties": {
    "roleName": "Microsoft Discovery Platform Contributor (Preview)",
    "type": "BuiltInRole",
    "description": "Grants permissions to view and operate on most Discovery platform resources, including workspaces, supercomputers, storages, agents, bookshelves, data containers, models, tools, workflows, and investigations, as well as perform data plane actions, but does not allow creating, updating, or deleting core resources such as workspaces, supercomputers, storages, bookshelves, node pools, or projects. This role is in preview and subject to change.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Discovery/locations/operationStatuses/read",
          "Microsoft.Discovery/operations/read",
          "Microsoft.Discovery/workspaces/read",
          "Microsoft.Discovery/supercomputers/read",
          "Microsoft.Discovery/storages/read",
          "Microsoft.Discovery/agents/*",
          "Microsoft.Discovery/bookshelves/read",
          "Microsoft.Discovery/dataContainers/*",
          "Microsoft.Discovery/dataContainers/dataAssets/*",
          "Microsoft.Discovery/models/*",
          "Microsoft.Discovery/supercomputers/nodePools/read",
          "Microsoft.Discovery/tools/*",
          "Microsoft.Discovery/workflows/*",
          "Microsoft.Discovery/workspaces/projects/read",
          "Microsoft.Discovery/operations/read",
          "Microsoft.Insights/AlertRules/*",
          "Microsoft.Authorization/*/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Support/*"
        ],
        "notActions": [
          "Microsoft.Discovery/workspaces/write",
          "Microsoft.Discovery/workspaces/delete",
          "Microsoft.Discovery/supercomputers/write",
          "Microsoft.Discovery/supercomputers/delete",
          "Microsoft.Discovery/storages/write",
          "Microsoft.Discovery/storages/delete",
          "Microsoft.Discovery/bookshelves/write",
          "Microsoft.Discovery/bookshelves/delete",
          "Microsoft.Discovery/supercomputers/nodePools/write",
          "Microsoft.Discovery/supercomputers/nodePools/delete",
          "Microsoft.Discovery/workspaces/projects/write",
          "Microsoft.Discovery/workspaces/projects/delete"
        ],
        "dataActions": [
          "Microsoft.Discovery/*"
        ],
        "notDataActions": []
      }
    ],
    "createdOn": "2025-07-03T15:24:10.036Z",
    "updatedOn": "2025-07-17T15:20:10.572Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/01288891-85ee-45a7-b367-9db3b752fc65",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "01288891-85ee-45a7-b367-9db3b752fc65"
}

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Microsoft Discovery Platform Contributor (Preview)",
    "type": "BuiltInRole",
    "description": "Grants permissions to view and operate on most Discovery platform resources, including workspaces, supercomputers, storages, agents, bookshelves, data containers, models, tools, workflows, and investigations, as well as perform data plane actions, but does not allow creating, updating, or deleting core resources such as workspaces, supercomputers, storages, bookshelves, node pools, or projects. This role is in preview and subject to change.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Discovery/locations/operationStatuses/read",
          "Microsoft.Discovery/operations/read",
          "Microsoft.Discovery/workspaces/read",
          "Microsoft.Discovery/supercomputers/read",
          "Microsoft.Discovery/storages/read",
          "Microsoft.Discovery/agents/*",
          "Microsoft.Discovery/bookshelves/read",
          "Microsoft.Discovery/dataContainers/*",
          "Microsoft.Discovery/dataContainers/dataAssets/*",
          "Microsoft.Discovery/models/*",
          "Microsoft.Discovery/supercomputers/nodePools/read",
          "Microsoft.Discovery/tools/*",
          "Microsoft.Discovery/workflows/*",
          "Microsoft.Discovery/workspaces/projects/read",
          "Microsoft.Discovery/operations/read",
          "Microsoft.Insights/AlertRules/*",
          "Microsoft.Authorization/*/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Support/*"
        ],
        "notActions": [
          "Microsoft.Discovery/workspaces/write",
          "Microsoft.Discovery/workspaces/delete",
          "Microsoft.Discovery/supercomputers/write",
          "Microsoft.Discovery/supercomputers/delete",
          "Microsoft.Discovery/storages/write",
          "Microsoft.Discovery/storages/delete",
          "Microsoft.Discovery/bookshelves/write",
          "Microsoft.Discovery/bookshelves/delete",
          "Microsoft.Discovery/supercomputers/nodePools/write",
          "Microsoft.Discovery/supercomputers/nodePools/delete",
          "Microsoft.Discovery/workspaces/projects/write",
          "Microsoft.Discovery/workspaces/projects/delete"
        ],
        "dataActions": [
          "Microsoft.Discovery/*"
        ],
        "notDataActions": []
      }
    ],
    "createdOn": "2025-07-03T15:24:10.036Z",
    "updatedOn": "2025-07-17T15:20:10.572Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/01288891-85ee-45a7-b367-9db3b752fc65",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "01288891-85ee-45a7-b367-9db3b752fc65"
}

Effective Permissions

Operations granted by this role (101 total)

Permission Patterns (from role definition)

Actions 20 patterns
Microsoft.Discovery/locations/operationStatuses/read Microsoft.Discovery/operations/read Microsoft.Discovery/workspaces/read Microsoft.Discovery/supercomputers/read Microsoft.Discovery/storages/read Microsoft.Discovery/agents/* Microsoft.Discovery/bookshelves/read Microsoft.Discovery/dataContainers/* Microsoft.Discovery/dataContainers/dataAssets/* Microsoft.Discovery/models/* Microsoft.Discovery/supercomputers/nodePools/read Microsoft.Discovery/tools/* Microsoft.Discovery/workflows/* Microsoft.Discovery/workspaces/projects/read Microsoft.Discovery/operations/read Microsoft.Insights/AlertRules/* Microsoft.Authorization/*/read Microsoft.Resources/deployments/* Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.Support/*
NotActions (excluded)
Microsoft.Discovery/workspaces/write Microsoft.Discovery/workspaces/delete Microsoft.Discovery/supercomputers/write Microsoft.Discovery/supercomputers/delete Microsoft.Discovery/storages/write Microsoft.Discovery/storages/delete Microsoft.Discovery/bookshelves/write Microsoft.Discovery/bookshelves/delete Microsoft.Discovery/supercomputers/nodePools/write Microsoft.Discovery/supercomputers/nodePools/delete Microsoft.Discovery/workspaces/projects/write Microsoft.Discovery/workspaces/projects/delete
Data Actions 1 pattern
Microsoft.Discovery/*

Control Plane Operations (86)

Data Plane Operations (15)