Back to Operation

Service Group Administrator

Azure Built-in Role

Role Information

Details and metadata

Role ID
4e50c84c-c78e-4e37-b47e-e60ffea0a775
Type
BuiltInRole
Last Updated (Azure)
2025-11-03 16:09:45

Change History

Track all modifications to this role since 2025-12-15 01:08:16+00:00

2025-11-03 16:09:45 Initial Scan
View details 
{
  "properties": {
    "roleName": "Service Group Administrator",
    "type": "BuiltInRole",
    "description": "Role Definition for administrator of a Service Group",
    "assignableScopes": [
      "/providers/Microsoft.Management/serviceGroups"
    ],
    "permissions": [
      {
        "actions": [
          "*"
        ],
        "notActions": [
          "Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "dataActions": [],
        "notDataActions": []
      },
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4e50c84cc78e4e37b47ee60ffea0a775,32e6a4ec60954e37b54b12aa350ba81f,de754d53652d4c75a67f1e48d8b49c97,c914561b15754601af9ca1356bf59818, e131102b11a54ff48508ed922132b74c, ff09793bbe4849f6ad9670d32039c0b9, d2e8fe829212490faf3e34bb52d87d3d, 481d9636d9f0468bb93d6056318e6f36, 4c7fd85373454453babde9481e9b460b, 517781b05ad4441894d5f2421834b586, 8210e6a34e4c4e1abd83ef8bac788a45, a2b7cc4730ec462fa2f49ac6e1c266af, 3910633d19d04d31b5e64f3101b137b9, 39ea2c4e798a4469b81d65dc7c54cbdb, 2a31630bc9c748198b504c987cb71337})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4e50c84cc78e4e37b47ee60ffea0a775,32e6a4ec60954e37b54b12aa350ba81f,de754d53652d4c75a67f1e48d8b49c97,c914561b15754601af9ca1356bf59818, e131102b11a54ff48508ed922132b74c, ff09793bbe4849f6ad9670d32039c0b9, d2e8fe829212490faf3e34bb52d87d3d, 481d9636d9f0468bb93d6056318e6f36, 4c7fd85373454453babde9481e9b460b, 517781b05ad4441894d5f2421834b586, 8210e6a34e4c4e1abd83ef8bac788a45, a2b7cc4730ec462fa2f49ac6e1c266af, 3910633d19d04d31b5e64f3101b137b9, 39ea2c4e798a4469b81d65dc7c54cbdb, 2a31630bc9c748198b504c987cb71337}))",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2024-10-21T15:04:47.266Z",
    "updatedOn": "2025-11-03T16:09:45.514Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4e50c84c-c78e-4e37-b47e-e60ffea0a775",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "4e50c84c-c78e-4e37-b47e-e60ffea0a775"
}

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Service Group Administrator",
    "type": "BuiltInRole",
    "description": "Role Definition for administrator of a Service Group",
    "assignableScopes": [
      "/providers/Microsoft.Management/serviceGroups"
    ],
    "permissions": [
      {
        "actions": [
          "*"
        ],
        "notActions": [
          "Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "dataActions": [],
        "notDataActions": []
      },
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4e50c84cc78e4e37b47ee60ffea0a775,32e6a4ec60954e37b54b12aa350ba81f,de754d53652d4c75a67f1e48d8b49c97,c914561b15754601af9ca1356bf59818, e131102b11a54ff48508ed922132b74c, ff09793bbe4849f6ad9670d32039c0b9, d2e8fe829212490faf3e34bb52d87d3d, 481d9636d9f0468bb93d6056318e6f36, 4c7fd85373454453babde9481e9b460b, 517781b05ad4441894d5f2421834b586, 8210e6a34e4c4e1abd83ef8bac788a45, a2b7cc4730ec462fa2f49ac6e1c266af, 3910633d19d04d31b5e64f3101b137b9, 39ea2c4e798a4469b81d65dc7c54cbdb, 2a31630bc9c748198b504c987cb71337})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4e50c84cc78e4e37b47ee60ffea0a775,32e6a4ec60954e37b54b12aa350ba81f,de754d53652d4c75a67f1e48d8b49c97,c914561b15754601af9ca1356bf59818, e131102b11a54ff48508ed922132b74c, ff09793bbe4849f6ad9670d32039c0b9, d2e8fe829212490faf3e34bb52d87d3d, 481d9636d9f0468bb93d6056318e6f36, 4c7fd85373454453babde9481e9b460b, 517781b05ad4441894d5f2421834b586, 8210e6a34e4c4e1abd83ef8bac788a45, a2b7cc4730ec462fa2f49ac6e1c266af, 3910633d19d04d31b5e64f3101b137b9, 39ea2c4e798a4469b81d65dc7c54cbdb, 2a31630bc9c748198b504c987cb71337}))",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2024-10-21T15:04:47.266Z",
    "updatedOn": "2025-11-03T16:09:45.514Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4e50c84c-c78e-4e37-b47e-e60ffea0a775",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "4e50c84c-c78e-4e37-b47e-e60ffea0a775"
}

Effective Permissions

Operations granted by this role (17547 total)

Conditional Permissions

This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).

Permission Patterns (from role definition)

Actions 3 patterns
* Microsoft.Authorization/roleAssignments/write Microsoft.Authorization/roleAssignments/delete
NotActions (excluded)
Microsoft.Authorization/roleAssignments/write Microsoft.Authorization/roleAssignments/delete

Control Plane Operations (17547)

Data Plane Operations (0)

No data plane operations granted