Role Information
Details and metadata
5a382001-fe36-41ff-bba4-8bf06bd54da9
Change History
Track all modifications to this role
Updated On
Event Type
Summary & Details
2024-03-14 15:26:37
Initial Scan
{
  "properties": {
    "roleName": "Azure Sphere Owner",
    "type": "BuiltInRole",
    "description": "Allows user read and write access to Azure Sphere resources and RBAC configuration, includes an ABAC condition to constrain role assignments.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.AzureSphere/*",
          "Microsoft.Authorization/*/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Authorization/*/read",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/subscriptions/read",
          "Microsoft.Management/managementGroups/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Support/*",
          "Microsoft.Insights/DiagnosticSettings/*",
          "Microsoft.Insights/DiagnosticSettingsCategories/Read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      },
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/write"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{8b9dfcab4b774632a6df94bd07820648,c8ae62795a0b4cb2b3f0d4d62845742c,6d994134994b4a599974f479f0b227fb,5a382001fe3641ffbba48bf06bd54da9,749f88d5cbae40b8bcfce573ddc772fa,43d0d8ad25c7471493378ba259a9fe05}",
        "ConditionVersion": "2.0"
      },
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{8b9dfcab4b774632a6df94bd07820648,c8ae62795a0b4cb2b3f0d4d62845742c,6d994134994b4a599974f479f0b227fb,5a382001fe3641ffbba48bf06bd54da9,749f88d5cbae40b8bcfce573ddc772fa,43d0d8ad25c7471493378ba259a9fe05}",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2024-02-05T16:00:25.77Z",
    "updatedOn": "2024-03-14T15:26:37.988Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5a382001-fe36-41ff-bba4-8bf06bd54da9",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "5a382001-fe36-41ff-bba4-8bf06bd54da9"
}
Effective Permissions
Operations granted by this role (105 total)
Conditional Permissions
This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).
Permission Patterns (from role definition)
Actions
15 patterns
Microsoft.AzureSphere/*
Microsoft.Authorization/*/read
Microsoft.Resources/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Insights/alertRules/*
Microsoft.Authorization/*/read
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Resources/subscriptions/read
Microsoft.Management/managementGroups/read
Microsoft.Resources/deployments/*
Microsoft.Support/*
Microsoft.Insights/DiagnosticSettings/*
Microsoft.Insights/DiagnosticSettingsCategories/Read
Microsoft.Authorization/roleAssignments/write
Microsoft.Authorization/roleAssignments/delete
Control Plane Operations (105)
Data Plane Operations (0)
No data plane operations granted