Role Information
Details and metadata
38863829-c2a4-4f8d-b1d2-2e325973ebc7
Change History
Track all modifications to this role
Updated On
Event Type
Summary & Details
2023-10-09 15:06:57
Created
Show full JSON diff
+ {
+ "properties": {
+ "roleName": "Landing Zone Management Owner",
+ "type": "BuiltInRole",
+ "description": "Microsoft.Sovereign Landing Zone Management Owner allowing to review and modify Landing Zone Configurations as well as reading and adding Landing Zone Registrations. Also enables read-access to policies and management groups for enabling the full user experience of the Sovereign Services RP in the Azure Portal (as otherwise some elements might not be accessible to end users).",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Sovereign/landingZoneConfigurations/*",
+ "Microsoft.Sovereign/landingZoneRegistrations/*",
+ "Microsoft.Authorization/*/read",
+ "Microsoft.Resources/deployments/*"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "createdOn": "2023-10-09T15:06:57.038Z",
+ "updatedOn": "2023-10-09T15:06:57.038Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/38863829-c2a4-4f8d-b1d2-2e325973ebc7",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "38863829-c2a4-4f8d-b1d2-2e325973ebc7"
+ }
2023-10-09 15:06:57
Created
View details
+ {
+ "properties": {
+ "roleName": "Landing Zone Management Owner",
+ "type": "BuiltInRole",
+ "description": "Microsoft.Sovereign Landing Zone Management Owner allowing to review and modify Landing Zone Configurations as well as reading and adding Landing Zone Registrations. Also enables read-access to policies and management groups for enabling the full user experience of the Sovereign Services RP in the Azure Portal (as otherwise some elements might not be accessible to end users).",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Sovereign/landingZoneConfigurations/*",
+ "Microsoft.Sovereign/landingZoneRegistrations/*",
+ "Microsoft.Authorization/*/read",
+ "Microsoft.Resources/deployments/*"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "createdOn": "2023-10-09T15:06:57.038Z",
+ "updatedOn": "2023-10-09T15:06:57.038Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/38863829-c2a4-4f8d-b1d2-2e325973ebc7",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "38863829-c2a4-4f8d-b1d2-2e325973ebc7"
+ }
Latest Role JSON
Raw definition from Azure
{
"properties": {
"roleName": "Landing Zone Management Owner",
"type": "BuiltInRole",
"description": "Microsoft.Sovereign Landing Zone Management Owner allowing to review and modify Landing Zone Configurations as well as reading and adding Landing Zone Registrations. Also enables read-access to policies and management groups for enabling the full user experience of the Sovereign Services RP in the Azure Portal (as otherwise some elements might not be accessible to end users).",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.Sovereign/landingZoneConfigurations/*",
"Microsoft.Sovereign/landingZoneRegistrations/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"createdOn": "2023-10-09T15:06:57.038Z",
"updatedOn": "2023-10-09T15:06:57.038Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/38863829-c2a4-4f8d-b1d2-2e325973ebc7",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "38863829-c2a4-4f8d-b1d2-2e325973ebc7"
}
Effective Permissions
Operations granted by this role (43 total)
Permission Patterns (from role definition)
Actions
4 patterns
Microsoft.Sovereign/landingZoneConfigurations/*
Microsoft.Sovereign/landingZoneRegistrations/*
Microsoft.Authorization/*/read
Microsoft.Resources/deployments/*
Control Plane Operations (43)
No matching operations
/ shown
Data Plane Operations (0)
No data plane operations granted