Back to Operation

Azure Resilience Management Drills Assets Administrator

Azure Built-in Role

Role Information

Details and metadata

Role ID
5a2ec2f1-2375-4950-9906-59ec1d979249
Type
BuiltInRole
Last Updated (Azure)
2025-11-04 16:13:15

Change History

Track all modifications to this role

2025-11-04 16:13:15 Created
View details
+ {
+ "properties": {
+ "roleName": "Azure Resilience Management Drills Assets Administrator",
+ "type": "BuiltInRole",
+ "description": "This Role grants permissions on the Chaos Subscription to create, read, and delete Resource Groups, Automation Accounts, and Chaos Experiments, and assigns necessary roles to Drill and Chaos MSIs for executing post actions required by Azure Resilience Management Drills.",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Authorization/*/read",
+ "Microsoft.Authorization/roleAssignments/write",
+ "Microsoft.Resources/subscriptions/resourceGroups/delete",
+ "Microsoft.Resources/subscriptions/resourceGroups/read",
+ "Microsoft.Resources/subscriptions/resourceGroups/write",
+ "Microsoft.Automation/automationAccounts/delete",
+ "Microsoft.Automation/automationAccounts/read",
+ "Microsoft.Automation/automationAccounts/write",
+ "Microsoft.Automation/automationAccounts/runbooks/delete",
+ "Microsoft.Automation/automationAccounts/runbooks/read",
+ "Microsoft.Automation/automationAccounts/runbooks/write",
+ "Microsoft.Chaos/experiments/delete",
+ "Microsoft.Chaos/experiments/read",
+ "Microsoft.Chaos/experiments/write",
+ "Microsoft.Chaos/locations/operationResults/read",
+ "Microsoft.Chaos/locations/operationStatuses/read"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "createdOn": "2025-11-04T16:13:15.619Z",
+ "updatedOn": "2025-11-04T16:13:15.619Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/5a2ec2f1-2375-4950-9906-59ec1d979249",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "5a2ec2f1-2375-4950-9906-59ec1d979249"
+ }

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Azure Resilience Management Drills Assets Administrator",
    "type": "BuiltInRole",
    "description": "This Role grants permissions on the Chaos Subscription to create, read, and delete Resource Groups, Automation Accounts, and Chaos Experiments, and assigns necessary roles to Drill and Chaos MSIs for executing post actions required by Azure Resilience Management Drills.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Resources/subscriptions/resourceGroups/delete",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/subscriptions/resourceGroups/write",
          "Microsoft.Automation/automationAccounts/delete",
          "Microsoft.Automation/automationAccounts/read",
          "Microsoft.Automation/automationAccounts/write",
          "Microsoft.Automation/automationAccounts/runbooks/delete",
          "Microsoft.Automation/automationAccounts/runbooks/read",
          "Microsoft.Automation/automationAccounts/runbooks/write",
          "Microsoft.Chaos/experiments/delete",
          "Microsoft.Chaos/experiments/read",
          "Microsoft.Chaos/experiments/write",
          "Microsoft.Chaos/locations/operationResults/read",
          "Microsoft.Chaos/locations/operationStatuses/read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2025-11-04T16:13:15.619Z",
    "updatedOn": "2025-11-04T16:13:15.619Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5a2ec2f1-2375-4950-9906-59ec1d979249",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "5a2ec2f1-2375-4950-9906-59ec1d979249"
}

Effective Permissions

Operations granted by this role (46 total)

Permission Patterns (from role definition)

Actions 16 patterns
Microsoft.Authorization/*/read Microsoft.Authorization/roleAssignments/write Microsoft.Resources/subscriptions/resourceGroups/delete Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.Resources/subscriptions/resourceGroups/write Microsoft.Automation/automationAccounts/delete Microsoft.Automation/automationAccounts/read Microsoft.Automation/automationAccounts/write Microsoft.Automation/automationAccounts/runbooks/delete Microsoft.Automation/automationAccounts/runbooks/read Microsoft.Automation/automationAccounts/runbooks/write Microsoft.Chaos/experiments/delete Microsoft.Chaos/experiments/read Microsoft.Chaos/experiments/write Microsoft.Chaos/locations/operationResults/read Microsoft.Chaos/locations/operationStatuses/read

Control Plane Operations (46)

Data Plane Operations (0)

No data plane operations granted