
UserAccessAdministrator for AzureJIT

Azure Built-in Role

Role Information

Details and metadata

Role ID
5a966030-d6b2-4d2c-ba61-dbcf2f426586
Type
BuiltInRole
Last Updated (Azure)
2025-05-06 15:13:45

Change History

Track all modifications to this role since 2025-12-15 01:08:16+00:00

2025-05-06 15:13:45 Created
+ {
+ "properties": {
+ "roleName": "UserAccessAdministrator for AzureJIT",
+ "type": "BuiltInRole",
+ "description": "Allows AzureJIT to manage role assignments.",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "*/read",
+ "Microsoft.Authorization/roleAssignments/*",
+ "Microsoft.KeyVault/vaults/accessPolicies/write"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": [],
+ "Condition": "!ActionMatches {'Microsoft.Authorization/roleAssignments/write'} || @Request[Microsoft.Authorization/roleAssignments:PrincipalType] stringequalsignorecase 'user' && @Resource[Id] forallofanyvalues:stringlikeignorecase {'/subscriptions/*', 'subscriptions/*'}",
+ "ConditionVersion": "2.0"
+ }
+ ],
+ "createdOn": "2025-05-06T15:13:45.441Z",
+ "updatedOn": "2025-05-06T15:13:45.441Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/5a966030-d6b2-4d2c-ba61-dbcf2f426586",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "5a966030-d6b2-4d2c-ba61-dbcf2f426586"
+ }
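Review bot: the "Condition" string mixes || and && with no parentheses, so whether the @Resource[Id] clause belongs only to the PrincipalType branch or to the whole expression is left to operator precedence; group it explicitly, for example !ActionMatches{...} || ( PrincipalType ... && @Resource[Id] ... ). The condition also gates only 'Microsoft.Authorization/roleAssignments/write', so the remaining operations under "Microsoft.Authorization/roleAssignments/*" (delete, for one) and "Microsoft.KeyVault/vaults/accessPolicies/write" fall through the !ActionMatches branch with no constraint, and no clause limits which role definition may be assigned. With "assignableScopes" set to "/", the "description" should spell out those limits rather than just "manage role assignments".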

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "UserAccessAdministrator for AzureJIT",
    "type": "BuiltInRole",
    "description": "Allows AzureJIT to manage role assignments.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "*/read",
          "Microsoft.Authorization/roleAssignments/*",
          "Microsoft.KeyVault/vaults/accessPolicies/write"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "!ActionMatches {'Microsoft.Authorization/roleAssignments/write'} || @Request[Microsoft.Authorization/roleAssignments:PrincipalType] stringequalsignorecase 'user' && @Resource[Id] forallofanyvalues:stringlikeignorecase {'/subscriptions/*', 'subscriptions/*'}",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2025-05-06T15:13:45.441Z",
    "updatedOn": "2025-05-06T15:13:45.441Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5a966030-d6b2-4d2c-ba61-dbcf2f426586",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "5a966030-d6b2-4d2c-ba61-dbcf2f426586"
}

Effective Permissions

Operations granted by this role (7487 total)

Conditional Permissions

This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).

Permission Patterns (from role definition)

Actions (3 patterns)
*/read
Microsoft.Authorization/roleAssignments/*
Microsoft.KeyVault/vaults/accessPolicies/write

Control Plane Operations (7487)

Data Plane Operations (0)

No data plane operations granted