Back to Operation

Essential Machine Management Administrator

Azure Built-in Role

Role Information

Details and metadata

Role ID
34013b0a-565b-43aa-8755-1b7c286f6cf7
Type
BuiltInRole
Last Updated (Azure)
2025-09-24 15:22:47

Change History

Track all modifications to this role

2025-09-24 15:22:47 Created
View details
+ {
+ "properties": {
+ "roleName": "Essential Machine Management Administrator",
+ "type": "BuiltInRole",
+ "description": "Can managed Essential Machine Management resources for subscriptions",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Resources/deployments/*",
+ "Microsoft.Insights/dataCollectionRules/read",
+ "Microsoft.Insights/dataCollectionRules/write",
+ "Microsoft.Monitor/accounts/write",
+ "Microsoft.Monitor/accounts/read",
+ "Microsoft.ManagedOps/managedOps/read",
+ "Microsoft.ManagedOps/managedOps/write",
+ "Microsoft.ManagedOps/managedOps/delete",
+ "Microsoft.OperationsManagement/solutions/read",
+ "Microsoft.OperationsManagement/solutions/write",
+ "Microsoft.OperationalInsights/workspaces/read",
+ "Microsoft.OperationalInsights/workspaces/sharedkeys/action",
+ "Microsoft.OperationalInsights/workspaces/sharedkeys/read",
+ "Microsoft.OperationalInsights/workspaces/listKeys/action",
+ "Microsoft.Resources/subscriptions/resourceGroups/read",
+ "Microsoft.Insights/metricAlerts/write",
+ "Microsoft.Insights/metricAlerts/read",
+ "Microsoft.Security/pricings/write",
+ "Microsoft.Security/pricings/read"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "createdOn": "2025-09-24T15:22:47.009Z",
+ "updatedOn": "2025-09-24T15:22:47.009Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/34013b0a-565b-43aa-8755-1b7c286f6cf7",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "34013b0a-565b-43aa-8755-1b7c286f6cf7"
+ }

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Essential Machine Management Administrator",
    "type": "BuiltInRole",
    "description": "Can managed Essential Machine Management resources for subscriptions",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Resources/deployments/*",
          "Microsoft.Insights/dataCollectionRules/read",
          "Microsoft.Insights/dataCollectionRules/write",
          "Microsoft.Monitor/accounts/write",
          "Microsoft.Monitor/accounts/read",
          "Microsoft.ManagedOps/managedOps/read",
          "Microsoft.ManagedOps/managedOps/write",
          "Microsoft.ManagedOps/managedOps/delete",
          "Microsoft.OperationsManagement/solutions/read",
          "Microsoft.OperationsManagement/solutions/write",
          "Microsoft.OperationalInsights/workspaces/read",
          "Microsoft.OperationalInsights/workspaces/sharedkeys/action",
          "Microsoft.OperationalInsights/workspaces/sharedkeys/read",
          "Microsoft.OperationalInsights/workspaces/listKeys/action",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Insights/metricAlerts/write",
          "Microsoft.Insights/metricAlerts/read",
          "Microsoft.Security/pricings/write",
          "Microsoft.Security/pricings/read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2025-09-24T15:22:47.009Z",
    "updatedOn": "2025-09-24T15:22:47.009Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/34013b0a-565b-43aa-8755-1b7c286f6cf7",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "34013b0a-565b-43aa-8755-1b7c286f6cf7"
}

Effective Permissions

Operations granted by this role (18 total)

Permission Patterns (from role definition)

Actions 19 patterns
Microsoft.Resources/deployments/* Microsoft.Insights/dataCollectionRules/read Microsoft.Insights/dataCollectionRules/write Microsoft.Monitor/accounts/write Microsoft.Monitor/accounts/read Microsoft.ManagedOps/managedOps/read Microsoft.ManagedOps/managedOps/write Microsoft.ManagedOps/managedOps/delete Microsoft.OperationsManagement/solutions/read Microsoft.OperationsManagement/solutions/write Microsoft.OperationalInsights/workspaces/read Microsoft.OperationalInsights/workspaces/sharedkeys/action Microsoft.OperationalInsights/workspaces/sharedkeys/read Microsoft.OperationalInsights/workspaces/listKeys/action Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.Insights/metricAlerts/write Microsoft.Insights/metricAlerts/read Microsoft.Security/pricings/write Microsoft.Security/pricings/read

Control Plane Operations (18)

Data Plane Operations (0)

No data plane operations granted