Blueprint Operator - Azure Built-in Role Definition (437d2ced-4a38-4302-8479-ed2bcb43d090)

Role Information

Details and metadata

Role ID

437d2ced-4a38-4302-8479-ed2bcb43d090

Type

BuiltInRole

Last Updated (Azure)

2021-11-11 20:14:06

Change History

Track all modifications to this role

Updated On

Event Type

Summary & Details

2021-11-11 20:14:06

Initial Scan

Show full JSON

{
  "properties": {
    "roleName": "Blueprint Operator",
    "type": "BuiltInRole",
    "description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Blueprint/blueprintAssignments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Support/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2019-08-14T21:56:48.789Z",
    "updatedOn": "2021-11-11T20:14:06.697Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "437d2ced-4a38-4302-8479-ed2bcb43d090"
}

2021-11-11 20:14:06 Initial Scan

View details

{
  "properties": {
    "roleName": "Blueprint Operator",
    "type": "BuiltInRole",
    "description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Blueprint/blueprintAssignments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Support/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2019-08-14T21:56:48.789Z",
    "updatedOn": "2021-11-11T20:14:06.697Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "437d2ced-4a38-4302-8479-ed2bcb43d090"
}

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Blueprint Operator",
    "type": "BuiltInRole",
    "description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Blueprint/blueprintAssignments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Support/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2019-08-14T21:56:48.789Z",
    "updatedOn": "2021-11-11T20:14:06.697Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "437d2ced-4a38-4302-8479-ed2bcb43d090"
}

Effective Permissions

Operations granted by this role (58 total)

Permission Patterns (from role definition)

Actions 5 patterns

Microsoft.Authorization/*/read Microsoft.Blueprint/blueprintAssignments/* Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.Resources/deployments/* Microsoft.Support/*

Control Plane Operations (58)

Data Plane Operations (0)

No data plane operations granted