Back to Operation

Quantum Workspace Owner

Azure Built-in Role

Role Information

Details and metadata

Role ID
30b3bcf2-670a-4bdc-8669-7e0ae0c0dfda
Type
BuiltInRole
Last Updated (Azure)
2024-06-24 15:12:46

Change History

Track all modifications to this role since 2025-12-15 01:08:16+00:00

2024-06-24 15:12:46 Initial Scan
View details 
{
  "properties": {
    "roleName": "Quantum Workspace Owner",
    "type": "BuiltInRole",
    "description": "Allows creating an Azure Quantum Workspace with a linked Storage Account with any Providers. Includes an ABAC condition to constrain role assignments.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.ResourceHealth/availabilityStatuses/read",
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Quantum/*",
          "Microsoft.Storage/storageAccounts/listKeys/action",
          "Microsoft.Storage/storageAccounts/write",
          "Microsoft.Storage/storageAccounts/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
          "Microsoft.Storage/storageAccounts/blobServices/containers/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/write",
          "Microsoft.Storage/storageAccounts/blobServices/read",
          "Microsoft.Storage/storageAccounts/fileServices/write",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/subscriptions/resourceGroups/write",
          "Microsoft.Resources/subscriptions/read",
          "Microsoft.Management/managementGroups/read",
          "Microsoft.Support/*",
          "Microsoft.Solutions/applications/read",
          "Microsoft.Solutions/register/action",
          "Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/*"
        ],
        "notActions": [],
        "dataActions": [
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
        ],
        "notDataActions": []
      },
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/write"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{17d1049b-9a84-46fb-8f53-869881c3d3ab}",
        "ConditionVersion": "2.0"
      },
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{17d1049b-9a84-46fb-8f53-869881c3d3ab}",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2024-04-08T15:07:50.507Z",
    "updatedOn": "2024-06-24T15:12:46.718Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/30b3bcf2-670a-4bdc-8669-7e0ae0c0dfda",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "30b3bcf2-670a-4bdc-8669-7e0ae0c0dfda"
}

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Quantum Workspace Owner",
    "type": "BuiltInRole",
    "description": "Allows creating an Azure Quantum Workspace with a linked Storage Account with any Providers. Includes an ABAC condition to constrain role assignments.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.ResourceHealth/availabilityStatuses/read",
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Quantum/*",
          "Microsoft.Storage/storageAccounts/listKeys/action",
          "Microsoft.Storage/storageAccounts/write",
          "Microsoft.Storage/storageAccounts/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
          "Microsoft.Storage/storageAccounts/blobServices/containers/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/write",
          "Microsoft.Storage/storageAccounts/blobServices/read",
          "Microsoft.Storage/storageAccounts/fileServices/write",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/subscriptions/resourceGroups/write",
          "Microsoft.Resources/subscriptions/read",
          "Microsoft.Management/managementGroups/read",
          "Microsoft.Support/*",
          "Microsoft.Solutions/applications/read",
          "Microsoft.Solutions/register/action",
          "Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/*"
        ],
        "notActions": [],
        "dataActions": [
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
        ],
        "notDataActions": []
      },
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/write"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{17d1049b-9a84-46fb-8f53-869881c3d3ab}",
        "ConditionVersion": "2.0"
      },
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{17d1049b-9a84-46fb-8f53-869881c3d3ab}",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2024-04-08T15:07:50.507Z",
    "updatedOn": "2024-06-24T15:12:46.718Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/30b3bcf2-670a-4bdc-8669-7e0ae0c0dfda",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "30b3bcf2-670a-4bdc-8669-7e0ae0c0dfda"
}

Effective Permissions

Operations granted by this role (94 total)

Conditional Permissions

This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).

Permission Patterns (from role definition)

Actions 23 patterns
Microsoft.ResourceHealth/availabilityStatuses/read Microsoft.Authorization/*/read Microsoft.Insights/alertRules/* Microsoft.Resources/deployments/* Microsoft.Quantum/* Microsoft.Storage/storageAccounts/listKeys/action Microsoft.Storage/storageAccounts/write Microsoft.Storage/storageAccounts/read Microsoft.Storage/storageAccounts/blobServices/containers/delete Microsoft.Storage/storageAccounts/blobServices/containers/read Microsoft.Storage/storageAccounts/blobServices/containers/write Microsoft.Storage/storageAccounts/blobServices/read Microsoft.Storage/storageAccounts/fileServices/write Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.Resources/subscriptions/resourceGroups/write Microsoft.Resources/subscriptions/read Microsoft.Management/managementGroups/read Microsoft.Support/* Microsoft.Solutions/applications/read Microsoft.Solutions/register/action Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/* Microsoft.Authorization/roleAssignments/write Microsoft.Authorization/roleAssignments/delete
Data Actions 3 patterns
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write

Control Plane Operations (91)

Data Plane Operations (3)