Role Information
Details and metadata
337a31c1-4e14-4ef9-83ed-584bb8d2b70a
Change History
Track all modifications to this role since 2025-12-15 01:08:16+00:00
Updated On
Event Type
Summary & Details
2025-12-18 16:39:09
Updated
properties.updatedOn, properties.permissions
Show full JSON diff
{
"id": "/providers/Microsoft.Authorization/roleDefinitions/337a31c1-4e14-4ef9-83ed-584bb8d2b70a",
"name": "337a31c1-4e14-4ef9-83ed-584bb8d2b70a",
"properties": {
"assignableScopes": [
"/"
],
"createdBy": null,
"createdOn": "2024-10-10T15:41:09.337Z",
"description": "Used by TIPS and FRM MSIs to create, update, delete and manage Fabric resources",
"permissions": [
{
"Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAllValues:GuidNotEquals {8e3af657-a8ff-443c-a75c-2fe8c4bcb635, 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9, f58310d9-a9f6-439a-9e8d-f62e7b41a168, b24988ac-6180-42a0-ab88-20f7382dd24c}))",
"ConditionVersion": "2.0",
"actions": [
"Microsoft.AlertsManagement/smartDetectorAlertRules/delete",
"Microsoft.App/containerApps/*/delete",
"Microsoft.App/containerApps/*/write",
"Microsoft.App/managedEnvironments/*/action",
"Microsoft.App/managedEnvironments/*/delete",
"Microsoft.App/managedEnvironments/*/read",
"Microsoft.App/managedEnvironments/*/write",
"Microsoft.app/register/action",
"Microsoft.app/sessionpools/read",
"Microsoft.app/containerapps/read",
"Microsoft.MessagingCatalogs/catalogs/*",
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Automation/automationAccounts/*",
"Microsoft.Cache/checknameavailability/action",
"Microsoft.Cache/redis/*",
"Microsoft.Cache/redisEnterprise/*",
"Microsoft.Cache/register/action",
"Microsoft.ChangeAnalysis/unregister/action",
"Microsoft.CognitiveServices/*",
"Microsoft.CognitiveServices/register/action",
"Microsoft.Compute/disks/delete",
"Microsoft.Compute/sshPublicKeys/delete",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.DocumentDB/locations/operationsStatus/read",
"Microsoft.DocumentDB/register/action",
"Microsoft.DataProtection/backupVaults/*/write",
"Microsoft.DataProtection/backupVaults/*/read",
"Microsoft.DataProtection/backupVaults/*/action",
"Microsoft.DataProtection/backupVaults/*/delete",
"Microsoft.DataProtection/locations/*/read",
"Microsoft.DataProtection/locations/*/action",
"Microsoft.DataProtection/register/action",
"Microsoft.EventGrid/*",
"Microsoft.EventGrid/register/action",
"Microsoft.EventHub/*",
"Microsoft.EventHub/checkNameAvailability/action",
"Microsoft.EventHub/register/action",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.fabric/*/delete",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Features/*/read",
"Microsoft.Insights/ActionGroups/Delete",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/autoscalesettings/*",
"Microsoft.Insights/Components/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/eventtypes/values/Read",
"Microsoft.Insights/generateLiveToken/Read",
"Microsoft.Insights/Metrics/Read",
"Microsoft.Insights/Register/Action",
"Microsoft.KeyVault/register/action",
"Microsoft.KeyVault/vaults/delete",
+ "Microsoft.KeyVault/vaults/read",
"Microsoft.MachineLearningServices/workspaces/*",
"Microsoft.ManagedIdentity/register/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/assign/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/delete",
"Microsoft.ManagedIdentity/userAssignedIdentities/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/write",
+ "Microsoft.Maps/accounts/write",
+ "Microsoft.Maps/accounts/read",
+ "Microsoft.Maps/accounts/delete",
+ "Microsoft.Maps/register/action",
"Microsoft.messagingconnectors/*/delete",
"Microsoft.messagingconnectors/*/write",
"Microsoft.MessagingConnectors/connectors/pause/action",
"Microsoft.Network/*",
"Microsoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/action",
"Microsoft.Network/serviceEndpointPolicies/join/action",
"Microsoft.OperationalInsights/*",
"Microsoft.operationalinsights/register/action",
"Microsoft.RecoveryServices/Vaults/delete",
"Microsoft.ResourceHealth/AvailabilityStatuses/read",
"Microsoft.ResourceHealth/register/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deploymentScripts/*",
"Microsoft.Resources/subscriptions/providers/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/*",
"Microsoft.Resources/subscriptions/resources/read",
"Microsoft.resources/templatespecs/*/read",
"Microsoft.Security/assessments/read",
"Microsoft.ServiceBus/*",
"Microsoft.ServiceBus/checkNameAvailability/action",
"Microsoft.ServiceBus/register/action",
"Microsoft.Sql/register/action",
"Microsoft.Sql/servers/*",
"Microsoft.Sql/servers/administrators/write",
"Microsoft.Sql/servers/azureADOnlyAuthentications/write",
"Microsoft.Sql/servers/databases/*",
"Microsoft.Storage/checknameavailability/read",
"Microsoft.Storage/operations/read",
"Microsoft.Storage/register/action",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.StreamAnalytics/clusters/Delete",
"Microsoft.StreamAnalytics/clusters/Write",
"Microsoft.streamanalytics/locations/*/read",
"Microsoft.StreamAnalytics/locations/SampleInput/action",
"Microsoft.StreamAnalytics/locations/TestQuery/action",
"Microsoft.StreamAnalytics/Register/action",
"Microsoft.StreamAnalytics/streamingjobs/*",
"Microsoft.Support/*",
"Microsoft.Synapse/privateLinkHubs/delete",
"Microsoft.Synapse/workspaces/delete",
"Microsoft.web/checknameavailability/read",
"Microsoft.Web/hostingEnvironments/Join/Action",
"Microsoft.web/kubeenvironments/*/action",
"Microsoft.web/register/action",
"Microsoft.Web/serverFarms/*",
"Microsoft.Web/sites/*",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.KeyVault/vaults/write",
"Microsoft.KeyVault/vaults/accessPolicies/write",
"Microsoft.App/sessionpools/write",
"Microsoft.App/sessionpools/delete",
"Microsoft.MessagingCatalog/*",
"Microsoft.ContainerInstance/containerGroups/*",
"Microsoft.ContainerInstance/register/action",
"Microsoft.Authorization/register/action",
+ "Microsoft.Authorization/locks/write",
+ "Microsoft.Authorization/locks/read",
+ "Microsoft.Authorization/locks/delete"
],
"dataActions": [],
"notActions": [],
"notDataActions": []
}
],
"roleName": "Fabric Resource Management Administrator",
"type": "BuiltInRole",
"updatedBy": null,
- "updatedOn": "2025-12-11T16:42:41.637Z"
+ "updatedOn": "2025-12-18T16:39:09.168Z"
},
"type": "Microsoft.Authorization/roleDefinitions"
}
2025-12-18 16:39:09
Updated
properties.updatedOn, properties.permissions
View details
{
"id": "/providers/Microsoft.Authorization/roleDefinitions/337a31c1-4e14-4ef9-83ed-584bb8d2b70a",
"name": "337a31c1-4e14-4ef9-83ed-584bb8d2b70a",
"properties": {
"assignableScopes": [
"/"
],
"createdBy": null,
"createdOn": "2024-10-10T15:41:09.337Z",
"description": "Used by TIPS and FRM MSIs to create, update, delete and manage Fabric resources",
"permissions": [
{
"Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAllValues:GuidNotEquals {8e3af657-a8ff-443c-a75c-2fe8c4bcb635, 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9, f58310d9-a9f6-439a-9e8d-f62e7b41a168, b24988ac-6180-42a0-ab88-20f7382dd24c}))",
"ConditionVersion": "2.0",
"actions": [
"Microsoft.AlertsManagement/smartDetectorAlertRules/delete",
"Microsoft.App/containerApps/*/delete",
"Microsoft.App/containerApps/*/write",
"Microsoft.App/managedEnvironments/*/action",
"Microsoft.App/managedEnvironments/*/delete",
"Microsoft.App/managedEnvironments/*/read",
"Microsoft.App/managedEnvironments/*/write",
"Microsoft.app/register/action",
"Microsoft.app/sessionpools/read",
"Microsoft.app/containerapps/read",
"Microsoft.MessagingCatalogs/catalogs/*",
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Automation/automationAccounts/*",
"Microsoft.Cache/checknameavailability/action",
"Microsoft.Cache/redis/*",
"Microsoft.Cache/redisEnterprise/*",
"Microsoft.Cache/register/action",
"Microsoft.ChangeAnalysis/unregister/action",
"Microsoft.CognitiveServices/*",
"Microsoft.CognitiveServices/register/action",
"Microsoft.Compute/disks/delete",
"Microsoft.Compute/sshPublicKeys/delete",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.DocumentDB/locations/operationsStatus/read",
"Microsoft.DocumentDB/register/action",
"Microsoft.DataProtection/backupVaults/*/write",
"Microsoft.DataProtection/backupVaults/*/read",
"Microsoft.DataProtection/backupVaults/*/action",
"Microsoft.DataProtection/backupVaults/*/delete",
"Microsoft.DataProtection/locations/*/read",
"Microsoft.DataProtection/locations/*/action",
"Microsoft.DataProtection/register/action",
"Microsoft.EventGrid/*",
"Microsoft.EventGrid/register/action",
"Microsoft.EventHub/*",
"Microsoft.EventHub/checkNameAvailability/action",
"Microsoft.EventHub/register/action",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.fabric/*/delete",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Features/*/read",
"Microsoft.Insights/ActionGroups/Delete",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/autoscalesettings/*",
"Microsoft.Insights/Components/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/eventtypes/values/Read",
"Microsoft.Insights/generateLiveToken/Read",
"Microsoft.Insights/Metrics/Read",
"Microsoft.Insights/Register/Action",
"Microsoft.KeyVault/register/action",
"Microsoft.KeyVault/vaults/delete",
+ "Microsoft.KeyVault/vaults/read",
"Microsoft.MachineLearningServices/workspaces/*",
"Microsoft.ManagedIdentity/register/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/assign/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/delete",
"Microsoft.ManagedIdentity/userAssignedIdentities/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/write",
+ "Microsoft.Maps/accounts/write",
+ "Microsoft.Maps/accounts/read",
+ "Microsoft.Maps/accounts/delete",
+ "Microsoft.Maps/register/action",
"Microsoft.messagingconnectors/*/delete",
"Microsoft.messagingconnectors/*/write",
"Microsoft.MessagingConnectors/connectors/pause/action",
"Microsoft.Network/*",
"Microsoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/action",
"Microsoft.Network/serviceEndpointPolicies/join/action",
"Microsoft.OperationalInsights/*",
"Microsoft.operationalinsights/register/action",
"Microsoft.RecoveryServices/Vaults/delete",
"Microsoft.ResourceHealth/AvailabilityStatuses/read",
"Microsoft.ResourceHealth/register/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deploymentScripts/*",
"Microsoft.Resources/subscriptions/providers/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/*",
"Microsoft.Resources/subscriptions/resources/read",
"Microsoft.resources/templatespecs/*/read",
"Microsoft.Security/assessments/read",
"Microsoft.ServiceBus/*",
"Microsoft.ServiceBus/checkNameAvailability/action",
"Microsoft.ServiceBus/register/action",
"Microsoft.Sql/register/action",
"Microsoft.Sql/servers/*",
"Microsoft.Sql/servers/administrators/write",
"Microsoft.Sql/servers/azureADOnlyAuthentications/write",
"Microsoft.Sql/servers/databases/*",
"Microsoft.Storage/checknameavailability/read",
"Microsoft.Storage/operations/read",
"Microsoft.Storage/register/action",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.StreamAnalytics/clusters/Delete",
"Microsoft.StreamAnalytics/clusters/Write",
"Microsoft.streamanalytics/locations/*/read",
"Microsoft.StreamAnalytics/locations/SampleInput/action",
"Microsoft.StreamAnalytics/locations/TestQuery/action",
"Microsoft.StreamAnalytics/Register/action",
"Microsoft.StreamAnalytics/streamingjobs/*",
"Microsoft.Support/*",
"Microsoft.Synapse/privateLinkHubs/delete",
"Microsoft.Synapse/workspaces/delete",
"Microsoft.web/checknameavailability/read",
"Microsoft.Web/hostingEnvironments/Join/Action",
"Microsoft.web/kubeenvironments/*/action",
"Microsoft.web/register/action",
"Microsoft.Web/serverFarms/*",
"Microsoft.Web/sites/*",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.KeyVault/vaults/write",
"Microsoft.KeyVault/vaults/accessPolicies/write",
"Microsoft.App/sessionpools/write",
"Microsoft.App/sessionpools/delete",
"Microsoft.MessagingCatalog/*",
"Microsoft.ContainerInstance/containerGroups/*",
"Microsoft.ContainerInstance/register/action",
"Microsoft.Authorization/register/action",
+ "Microsoft.Authorization/locks/write",
+ "Microsoft.Authorization/locks/read",
+ "Microsoft.Authorization/locks/delete"
],
"dataActions": [],
"notActions": [],
"notDataActions": []
}
],
"roleName": "Fabric Resource Management Administrator",
"type": "BuiltInRole",
"updatedBy": null,
- "updatedOn": "2025-12-11T16:42:41.637Z"
+ "updatedOn": "2025-12-18T16:39:09.168Z"
},
"type": "Microsoft.Authorization/roleDefinitions"
}
2025-12-11 16:42:41
Initial Scan
Show full JSON
{
"properties": {
"roleName": "Fabric Resource Management Administrator",
"type": "BuiltInRole",
"description": "Used by TIPS and FRM MSIs to create, update, delete and manage Fabric resources",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.AlertsManagement/smartDetectorAlertRules/delete",
"Microsoft.App/containerApps/*/delete",
"Microsoft.App/containerApps/*/write",
"Microsoft.App/managedEnvironments/*/action",
"Microsoft.App/managedEnvironments/*/delete",
"Microsoft.App/managedEnvironments/*/read",
"Microsoft.App/managedEnvironments/*/write",
"Microsoft.app/register/action",
"Microsoft.app/sessionpools/read",
"Microsoft.app/containerapps/read",
"Microsoft.MessagingCatalogs/catalogs/*",
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Automation/automationAccounts/*",
"Microsoft.Cache/checknameavailability/action",
"Microsoft.Cache/redis/*",
"Microsoft.Cache/redisEnterprise/*",
"Microsoft.Cache/register/action",
"Microsoft.ChangeAnalysis/unregister/action",
"Microsoft.CognitiveServices/*",
"Microsoft.CognitiveServices/register/action",
"Microsoft.Compute/disks/delete",
"Microsoft.Compute/sshPublicKeys/delete",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.DocumentDB/locations/operationsStatus/read",
"Microsoft.DocumentDB/register/action",
"Microsoft.DataProtection/backupVaults/*/write",
"Microsoft.DataProtection/backupVaults/*/read",
"Microsoft.DataProtection/backupVaults/*/action",
"Microsoft.DataProtection/backupVaults/*/delete",
"Microsoft.DataProtection/locations/*/read",
"Microsoft.DataProtection/locations/*/action",
"Microsoft.DataProtection/register/action",
"Microsoft.EventGrid/*",
"Microsoft.EventGrid/register/action",
"Microsoft.EventHub/*",
"Microsoft.EventHub/checkNameAvailability/action",
"Microsoft.EventHub/register/action",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.fabric/*/delete",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Features/*/read",
"Microsoft.Insights/ActionGroups/Delete",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/autoscalesettings/*",
"Microsoft.Insights/Components/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/eventtypes/values/Read",
"Microsoft.Insights/generateLiveToken/Read",
"Microsoft.Insights/Metrics/Read",
"Microsoft.Insights/Register/Action",
"Microsoft.KeyVault/register/action",
"Microsoft.KeyVault/vaults/delete",
"Microsoft.KeyVault/vaults/read",
"Microsoft.MachineLearningServices/workspaces/*",
"Microsoft.ManagedIdentity/register/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/assign/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/delete",
"Microsoft.ManagedIdentity/userAssignedIdentities/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/write",
"Microsoft.Maps/accounts/write",
"Microsoft.Maps/accounts/read",
"Microsoft.Maps/accounts/delete",
"Microsoft.Maps/register/action",
"Microsoft.messagingconnectors/*/delete",
"Microsoft.messagingconnectors/*/write",
"Microsoft.MessagingConnectors/connectors/pause/action",
"Microsoft.Network/*",
"Microsoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/action",
"Microsoft.Network/serviceEndpointPolicies/join/action",
"Microsoft.OperationalInsights/*",
"Microsoft.operationalinsights/register/action",
"Microsoft.RecoveryServices/Vaults/delete",
"Microsoft.ResourceHealth/AvailabilityStatuses/read",
"Microsoft.ResourceHealth/register/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deploymentScripts/*",
"Microsoft.Resources/subscriptions/providers/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/*",
"Microsoft.Resources/subscriptions/resources/read",
"Microsoft.resources/templatespecs/*/read",
"Microsoft.Security/assessments/read",
"Microsoft.ServiceBus/*",
"Microsoft.ServiceBus/checkNameAvailability/action",
"Microsoft.ServiceBus/register/action",
"Microsoft.Sql/register/action",
"Microsoft.Sql/servers/*",
"Microsoft.Sql/servers/administrators/write",
"Microsoft.Sql/servers/azureADOnlyAuthentications/write",
"Microsoft.Sql/servers/databases/*",
"Microsoft.Storage/checknameavailability/read",
"Microsoft.Storage/operations/read",
"Microsoft.Storage/register/action",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.StreamAnalytics/clusters/Delete",
"Microsoft.StreamAnalytics/clusters/Write",
"Microsoft.streamanalytics/locations/*/read",
"Microsoft.StreamAnalytics/locations/SampleInput/action",
"Microsoft.StreamAnalytics/locations/TestQuery/action",
"Microsoft.StreamAnalytics/Register/action",
"Microsoft.StreamAnalytics/streamingjobs/*",
"Microsoft.Support/*",
"Microsoft.Synapse/privateLinkHubs/delete",
"Microsoft.Synapse/workspaces/delete",
"Microsoft.web/checknameavailability/read",
"Microsoft.Web/hostingEnvironments/Join/Action",
"Microsoft.web/kubeenvironments/*/action",
"Microsoft.web/register/action",
"Microsoft.Web/serverFarms/*",
"Microsoft.Web/sites/*",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.KeyVault/vaults/write",
"Microsoft.KeyVault/vaults/accessPolicies/write",
"Microsoft.App/sessionpools/write",
"Microsoft.App/sessionpools/delete",
"Microsoft.MessagingCatalog/*",
"Microsoft.ContainerInstance/containerGroups/*",
"Microsoft.ContainerInstance/register/action",
"Microsoft.Authorization/register/action",
"Microsoft.Authorization/locks/write",
"Microsoft.Authorization/locks/read",
"Microsoft.Authorization/locks/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAllValues:GuidNotEquals {8e3af657-a8ff-443c-a75c-2fe8c4bcb635, 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9, f58310d9-a9f6-439a-9e8d-f62e7b41a168, b24988ac-6180-42a0-ab88-20f7382dd24c}))",
"ConditionVersion": "2.0"
}
],
"createdOn": "2024-10-10T15:41:09.337Z",
"updatedOn": "2025-12-18T16:39:09.168Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/337a31c1-4e14-4ef9-83ed-584bb8d2b70a",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "337a31c1-4e14-4ef9-83ed-584bb8d2b70a"
}
2025-12-11 16:42:41
Initial Scan
View details
{
"properties": {
"roleName": "Fabric Resource Management Administrator",
"type": "BuiltInRole",
"description": "Used by TIPS and FRM MSIs to create, update, delete and manage Fabric resources",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.AlertsManagement/smartDetectorAlertRules/delete",
"Microsoft.App/containerApps/*/delete",
"Microsoft.App/containerApps/*/write",
"Microsoft.App/managedEnvironments/*/action",
"Microsoft.App/managedEnvironments/*/delete",
"Microsoft.App/managedEnvironments/*/read",
"Microsoft.App/managedEnvironments/*/write",
"Microsoft.app/register/action",
"Microsoft.app/sessionpools/read",
"Microsoft.app/containerapps/read",
"Microsoft.MessagingCatalogs/catalogs/*",
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Automation/automationAccounts/*",
"Microsoft.Cache/checknameavailability/action",
"Microsoft.Cache/redis/*",
"Microsoft.Cache/redisEnterprise/*",
"Microsoft.Cache/register/action",
"Microsoft.ChangeAnalysis/unregister/action",
"Microsoft.CognitiveServices/*",
"Microsoft.CognitiveServices/register/action",
"Microsoft.Compute/disks/delete",
"Microsoft.Compute/sshPublicKeys/delete",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.DocumentDB/locations/operationsStatus/read",
"Microsoft.DocumentDB/register/action",
"Microsoft.DataProtection/backupVaults/*/write",
"Microsoft.DataProtection/backupVaults/*/read",
"Microsoft.DataProtection/backupVaults/*/action",
"Microsoft.DataProtection/backupVaults/*/delete",
"Microsoft.DataProtection/locations/*/read",
"Microsoft.DataProtection/locations/*/action",
"Microsoft.DataProtection/register/action",
"Microsoft.EventGrid/*",
"Microsoft.EventGrid/register/action",
"Microsoft.EventHub/*",
"Microsoft.EventHub/checkNameAvailability/action",
"Microsoft.EventHub/register/action",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.fabric/*/delete",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Features/*/read",
"Microsoft.Insights/ActionGroups/Delete",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/autoscalesettings/*",
"Microsoft.Insights/Components/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/eventtypes/values/Read",
"Microsoft.Insights/generateLiveToken/Read",
"Microsoft.Insights/Metrics/Read",
"Microsoft.Insights/Register/Action",
"Microsoft.KeyVault/register/action",
"Microsoft.KeyVault/vaults/delete",
"Microsoft.KeyVault/vaults/read",
"Microsoft.MachineLearningServices/workspaces/*",
"Microsoft.ManagedIdentity/register/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/assign/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/delete",
"Microsoft.ManagedIdentity/userAssignedIdentities/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/write",
"Microsoft.Maps/accounts/write",
"Microsoft.Maps/accounts/read",
"Microsoft.Maps/accounts/delete",
"Microsoft.Maps/register/action",
"Microsoft.messagingconnectors/*/delete",
"Microsoft.messagingconnectors/*/write",
"Microsoft.MessagingConnectors/connectors/pause/action",
"Microsoft.Network/*",
"Microsoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/action",
"Microsoft.Network/serviceEndpointPolicies/join/action",
"Microsoft.OperationalInsights/*",
"Microsoft.operationalinsights/register/action",
"Microsoft.RecoveryServices/Vaults/delete",
"Microsoft.ResourceHealth/AvailabilityStatuses/read",
"Microsoft.ResourceHealth/register/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deploymentScripts/*",
"Microsoft.Resources/subscriptions/providers/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/*",
"Microsoft.Resources/subscriptions/resources/read",
"Microsoft.resources/templatespecs/*/read",
"Microsoft.Security/assessments/read",
"Microsoft.ServiceBus/*",
"Microsoft.ServiceBus/checkNameAvailability/action",
"Microsoft.ServiceBus/register/action",
"Microsoft.Sql/register/action",
"Microsoft.Sql/servers/*",
"Microsoft.Sql/servers/administrators/write",
"Microsoft.Sql/servers/azureADOnlyAuthentications/write",
"Microsoft.Sql/servers/databases/*",
"Microsoft.Storage/checknameavailability/read",
"Microsoft.Storage/operations/read",
"Microsoft.Storage/register/action",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.StreamAnalytics/clusters/Delete",
"Microsoft.StreamAnalytics/clusters/Write",
"Microsoft.streamanalytics/locations/*/read",
"Microsoft.StreamAnalytics/locations/SampleInput/action",
"Microsoft.StreamAnalytics/locations/TestQuery/action",
"Microsoft.StreamAnalytics/Register/action",
"Microsoft.StreamAnalytics/streamingjobs/*",
"Microsoft.Support/*",
"Microsoft.Synapse/privateLinkHubs/delete",
"Microsoft.Synapse/workspaces/delete",
"Microsoft.web/checknameavailability/read",
"Microsoft.Web/hostingEnvironments/Join/Action",
"Microsoft.web/kubeenvironments/*/action",
"Microsoft.web/register/action",
"Microsoft.Web/serverFarms/*",
"Microsoft.Web/sites/*",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.KeyVault/vaults/write",
"Microsoft.KeyVault/vaults/accessPolicies/write",
"Microsoft.App/sessionpools/write",
"Microsoft.App/sessionpools/delete",
"Microsoft.MessagingCatalog/*",
"Microsoft.ContainerInstance/containerGroups/*",
"Microsoft.ContainerInstance/register/action",
"Microsoft.Authorization/register/action",
"Microsoft.Authorization/locks/write",
"Microsoft.Authorization/locks/read",
"Microsoft.Authorization/locks/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAllValues:GuidNotEquals {8e3af657-a8ff-443c-a75c-2fe8c4bcb635, 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9, f58310d9-a9f6-439a-9e8d-f62e7b41a168, b24988ac-6180-42a0-ab88-20f7382dd24c}))",
"ConditionVersion": "2.0"
}
],
"createdOn": "2024-10-10T15:41:09.337Z",
"updatedOn": "2025-12-18T16:39:09.168Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/337a31c1-4e14-4ef9-83ed-584bb8d2b70a",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "337a31c1-4e14-4ef9-83ed-584bb8d2b70a"
}
Latest Role JSON
Raw definition from Azure
{
"properties": {
"roleName": "Fabric Resource Management Administrator",
"type": "BuiltInRole",
"description": "Used by TIPS and FRM MSIs to create, update, delete and manage Fabric resources",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.AlertsManagement/smartDetectorAlertRules/delete",
"Microsoft.App/containerApps/*/delete",
"Microsoft.App/containerApps/*/write",
"Microsoft.App/managedEnvironments/*/action",
"Microsoft.App/managedEnvironments/*/delete",
"Microsoft.App/managedEnvironments/*/read",
"Microsoft.App/managedEnvironments/*/write",
"Microsoft.app/register/action",
"Microsoft.app/sessionpools/read",
"Microsoft.app/containerapps/read",
"Microsoft.MessagingCatalogs/catalogs/*",
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Automation/automationAccounts/*",
"Microsoft.Cache/checknameavailability/action",
"Microsoft.Cache/redis/*",
"Microsoft.Cache/redisEnterprise/*",
"Microsoft.Cache/register/action",
"Microsoft.ChangeAnalysis/unregister/action",
"Microsoft.CognitiveServices/*",
"Microsoft.CognitiveServices/register/action",
"Microsoft.Compute/disks/delete",
"Microsoft.Compute/sshPublicKeys/delete",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.DocumentDB/locations/operationsStatus/read",
"Microsoft.DocumentDB/register/action",
"Microsoft.DataProtection/backupVaults/*/write",
"Microsoft.DataProtection/backupVaults/*/read",
"Microsoft.DataProtection/backupVaults/*/action",
"Microsoft.DataProtection/backupVaults/*/delete",
"Microsoft.DataProtection/locations/*/read",
"Microsoft.DataProtection/locations/*/action",
"Microsoft.DataProtection/register/action",
"Microsoft.EventGrid/*",
"Microsoft.EventGrid/register/action",
"Microsoft.EventHub/*",
"Microsoft.EventHub/checkNameAvailability/action",
"Microsoft.EventHub/register/action",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.fabric/*/delete",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Features/*/read",
"Microsoft.Insights/ActionGroups/Delete",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/autoscalesettings/*",
"Microsoft.Insights/Components/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/eventtypes/values/Read",
"Microsoft.Insights/generateLiveToken/Read",
"Microsoft.Insights/Metrics/Read",
"Microsoft.Insights/Register/Action",
"Microsoft.KeyVault/register/action",
"Microsoft.KeyVault/vaults/delete",
"Microsoft.KeyVault/vaults/read",
"Microsoft.MachineLearningServices/workspaces/*",
"Microsoft.ManagedIdentity/register/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/assign/action",
"Microsoft.ManagedIdentity/userAssignedIdentities/delete",
"Microsoft.ManagedIdentity/userAssignedIdentities/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/write",
"Microsoft.Maps/accounts/write",
"Microsoft.Maps/accounts/read",
"Microsoft.Maps/accounts/delete",
"Microsoft.Maps/register/action",
"Microsoft.messagingconnectors/*/delete",
"Microsoft.messagingconnectors/*/write",
"Microsoft.MessagingConnectors/connectors/pause/action",
"Microsoft.Network/*",
"Microsoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/action",
"Microsoft.Network/serviceEndpointPolicies/join/action",
"Microsoft.OperationalInsights/*",
"Microsoft.operationalinsights/register/action",
"Microsoft.RecoveryServices/Vaults/delete",
"Microsoft.ResourceHealth/AvailabilityStatuses/read",
"Microsoft.ResourceHealth/register/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deploymentScripts/*",
"Microsoft.Resources/subscriptions/providers/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/*",
"Microsoft.Resources/subscriptions/resources/read",
"Microsoft.resources/templatespecs/*/read",
"Microsoft.Security/assessments/read",
"Microsoft.ServiceBus/*",
"Microsoft.ServiceBus/checkNameAvailability/action",
"Microsoft.ServiceBus/register/action",
"Microsoft.Sql/register/action",
"Microsoft.Sql/servers/*",
"Microsoft.Sql/servers/administrators/write",
"Microsoft.Sql/servers/azureADOnlyAuthentications/write",
"Microsoft.Sql/servers/databases/*",
"Microsoft.Storage/checknameavailability/read",
"Microsoft.Storage/operations/read",
"Microsoft.Storage/register/action",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.StreamAnalytics/clusters/Delete",
"Microsoft.StreamAnalytics/clusters/Write",
"Microsoft.streamanalytics/locations/*/read",
"Microsoft.StreamAnalytics/locations/SampleInput/action",
"Microsoft.StreamAnalytics/locations/TestQuery/action",
"Microsoft.StreamAnalytics/Register/action",
"Microsoft.StreamAnalytics/streamingjobs/*",
"Microsoft.Support/*",
"Microsoft.Synapse/privateLinkHubs/delete",
"Microsoft.Synapse/workspaces/delete",
"Microsoft.web/checknameavailability/read",
"Microsoft.Web/hostingEnvironments/Join/Action",
"Microsoft.web/kubeenvironments/*/action",
"Microsoft.web/register/action",
"Microsoft.Web/serverFarms/*",
"Microsoft.Web/sites/*",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.KeyVault/vaults/write",
"Microsoft.KeyVault/vaults/accessPolicies/write",
"Microsoft.App/sessionpools/write",
"Microsoft.App/sessionpools/delete",
"Microsoft.MessagingCatalog/*",
"Microsoft.ContainerInstance/containerGroups/*",
"Microsoft.ContainerInstance/register/action",
"Microsoft.Authorization/register/action",
"Microsoft.Authorization/locks/write",
"Microsoft.Authorization/locks/read",
"Microsoft.Authorization/locks/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAllValues:GuidNotEquals {8e3af657-a8ff-443c-a75c-2fe8c4bcb635, 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9, f58310d9-a9f6-439a-9e8d-f62e7b41a168, b24988ac-6180-42a0-ab88-20f7382dd24c}))",
"ConditionVersion": "2.0"
}
],
"createdOn": "2024-10-10T15:41:09.337Z",
"updatedOn": "2025-12-18T16:39:09.168Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/337a31c1-4e14-4ef9-83ed-584bb8d2b70a",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "337a31c1-4e14-4ef9-83ed-584bb8d2b70a"
}
Effective Permissions
Operations granted by this role (4565 total)
Conditional Permissions
This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).
Permission Patterns (from role definition)
Actions
128 patterns
Microsoft.AlertsManagement/smartDetectorAlertRules/delete
Microsoft.App/containerApps/*/delete
Microsoft.App/containerApps/*/write
Microsoft.App/managedEnvironments/*/action
Microsoft.App/managedEnvironments/*/delete
Microsoft.App/managedEnvironments/*/read
Microsoft.App/managedEnvironments/*/write
Microsoft.app/register/action
Microsoft.app/sessionpools/read
Microsoft.app/containerapps/read
Microsoft.MessagingCatalogs/catalogs/*
Microsoft.Authorization/*/read
Microsoft.Authorization/roleAssignments/delete
Microsoft.Authorization/roleAssignments/read
Microsoft.Authorization/roleAssignments/write
Microsoft.Automation/automationAccounts/*
Microsoft.Cache/checknameavailability/action
Microsoft.Cache/redis/*
Microsoft.Cache/redisEnterprise/*
Microsoft.Cache/register/action
Microsoft.ChangeAnalysis/unregister/action
Microsoft.CognitiveServices/*
Microsoft.CognitiveServices/register/action
Microsoft.Compute/disks/delete
Microsoft.Compute/sshPublicKeys/delete
Microsoft.Compute/virtualMachines/delete
Microsoft.DocumentDb/databaseAccounts/*
Microsoft.DocumentDB/locations/operationsStatus/read
Microsoft.DocumentDB/register/action
Microsoft.DataProtection/backupVaults/*/write
Microsoft.DataProtection/backupVaults/*/read
Microsoft.DataProtection/backupVaults/*/action
Microsoft.DataProtection/backupVaults/*/delete
Microsoft.DataProtection/locations/*/read
Microsoft.DataProtection/locations/*/action
Microsoft.DataProtection/register/action
Microsoft.EventGrid/*
Microsoft.EventGrid/register/action
Microsoft.EventHub/*
Microsoft.EventHub/checkNameAvailability/action
Microsoft.EventHub/register/action
Microsoft.ExtendedLocation/customLocations/deploy/action
Microsoft.fabric/*/delete
Microsoft.Features/providers/features/register/action
Microsoft.Features/*/read
Microsoft.Insights/ActionGroups/Delete
Microsoft.Insights/alertRules/*
Microsoft.Insights/autoscalesettings/*
Microsoft.Insights/Components/*
Microsoft.Insights/diagnosticSettings/*
Microsoft.Insights/eventtypes/values/Read
Microsoft.Insights/generateLiveToken/Read
Microsoft.Insights/Metrics/Read
Microsoft.Insights/Register/Action
Microsoft.KeyVault/register/action
Microsoft.KeyVault/vaults/delete
Microsoft.KeyVault/vaults/read
Microsoft.MachineLearningServices/workspaces/*
Microsoft.ManagedIdentity/register/action
Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action
Microsoft.ManagedIdentity/userAssignedIdentities/assign/action
Microsoft.ManagedIdentity/userAssignedIdentities/delete
Microsoft.ManagedIdentity/userAssignedIdentities/read
Microsoft.ManagedIdentity/userAssignedIdentities/write
Microsoft.Maps/accounts/write
Microsoft.Maps/accounts/read
Microsoft.Maps/accounts/delete
Microsoft.Maps/register/action
Microsoft.messagingconnectors/*/delete
Microsoft.messagingconnectors/*/write
Microsoft.MessagingConnectors/connectors/pause/action
Microsoft.Network/*
Microsoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/action
Microsoft.Network/serviceEndpointPolicies/join/action
Microsoft.OperationalInsights/*
Microsoft.operationalinsights/register/action
Microsoft.RecoveryServices/Vaults/delete
Microsoft.ResourceHealth/AvailabilityStatuses/read
Microsoft.ResourceHealth/register/action
Microsoft.Resources/deployments/*
Microsoft.Resources/deploymentScripts/*
Microsoft.Resources/subscriptions/providers/read
Microsoft.Resources/subscriptions/read
Microsoft.Resources/subscriptions/resourcegroups/*
Microsoft.Resources/subscriptions/resources/read
Microsoft.resources/templatespecs/*/read
Microsoft.Security/assessments/read
Microsoft.ServiceBus/*
Microsoft.ServiceBus/checkNameAvailability/action
Microsoft.ServiceBus/register/action
Microsoft.Sql/register/action
Microsoft.Sql/servers/*
Microsoft.Sql/servers/administrators/write
Microsoft.Sql/servers/azureADOnlyAuthentications/write
Microsoft.Sql/servers/databases/*
Microsoft.Storage/checknameavailability/read
Microsoft.Storage/operations/read
Microsoft.Storage/register/action
Microsoft.Storage/storageAccounts/*
Microsoft.StreamAnalytics/clusters/Delete
Microsoft.StreamAnalytics/clusters/Write
Microsoft.streamanalytics/locations/*/read
Microsoft.StreamAnalytics/locations/SampleInput/action
Microsoft.StreamAnalytics/locations/TestQuery/action
Microsoft.StreamAnalytics/Register/action
Microsoft.StreamAnalytics/streamingjobs/*
Microsoft.Support/*
Microsoft.Synapse/privateLinkHubs/delete
Microsoft.Synapse/workspaces/delete
Microsoft.web/checknameavailability/read
Microsoft.Web/hostingEnvironments/Join/Action
Microsoft.web/kubeenvironments/*/action
Microsoft.web/register/action
Microsoft.Web/serverFarms/*
Microsoft.Web/sites/*
Microsoft.Insights/metricAlerts/*
Microsoft.KeyVault/checkNameAvailability/read
Microsoft.KeyVault/vaults/write
Microsoft.KeyVault/vaults/accessPolicies/write
Microsoft.App/sessionpools/write
Microsoft.App/sessionpools/delete
Microsoft.MessagingCatalog/*
Microsoft.ContainerInstance/containerGroups/*
Microsoft.ContainerInstance/register/action
Microsoft.Authorization/register/action
Microsoft.Authorization/locks/write
Microsoft.Authorization/locks/read
Microsoft.Authorization/locks/delete
Control Plane Operations (4565)
No matching operations
/ shown
Data Plane Operations (0)
No data plane operations granted