Role Information
Details and metadata
5a966030-d6b2-4d2c-ba61-dbcf2f426586
Change History
Track all modifications to this role since 2025-12-15 01:08:16+00:00
Updated On
Event Type
Summary & Details
2025-05-06 15:13:45
Created
Show full JSON diff
+ {
+ "properties": {
+ "roleName": "UserAccessAdministrator for AzureJIT",
+ "type": "BuiltInRole",
+ "description": "Allows AzureJIT to manage role assignments.",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "*/read",
+ "Microsoft.Authorization/roleAssignments/*",
+ "Microsoft.KeyVault/vaults/accessPolicies/write"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": [],
+ "Condition": "!ActionMatches {'Microsoft.Authorization/roleAssignments/write'} || @Request[Microsoft.Authorization/roleAssignments:PrincipalType] stringequalsignorecase 'user' && @Resource[Id] forallofanyvalues:stringlikeignorecase {'/subscriptions/*', 'subscriptions/*'}",
+ "ConditionVersion": "2.0"
+ }
+ ],
+ "createdOn": "2025-05-06T15:13:45.441Z",
+ "updatedOn": "2025-05-06T15:13:45.441Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/5a966030-d6b2-4d2c-ba61-dbcf2f426586",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "5a966030-d6b2-4d2c-ba61-dbcf2f426586"
+ }
2025-05-06 15:13:45
Created
View details
+ {
+ "properties": {
+ "roleName": "UserAccessAdministrator for AzureJIT",
+ "type": "BuiltInRole",
+ "description": "Allows AzureJIT to manage role assignments.",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "*/read",
+ "Microsoft.Authorization/roleAssignments/*",
+ "Microsoft.KeyVault/vaults/accessPolicies/write"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": [],
+ "Condition": "!ActionMatches {'Microsoft.Authorization/roleAssignments/write'} || @Request[Microsoft.Authorization/roleAssignments:PrincipalType] stringequalsignorecase 'user' && @Resource[Id] forallofanyvalues:stringlikeignorecase {'/subscriptions/*', 'subscriptions/*'}",
+ "ConditionVersion": "2.0"
+ }
+ ],
+ "createdOn": "2025-05-06T15:13:45.441Z",
+ "updatedOn": "2025-05-06T15:13:45.441Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/5a966030-d6b2-4d2c-ba61-dbcf2f426586",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "5a966030-d6b2-4d2c-ba61-dbcf2f426586"
+ }
Latest Role JSON
Raw definition from Azure
{
"properties": {
"roleName": "UserAccessAdministrator for AzureJIT",
"type": "BuiltInRole",
"description": "Allows AzureJIT to manage role assignments.",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/roleAssignments/*",
"Microsoft.KeyVault/vaults/accessPolicies/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"Condition": "!ActionMatches {'Microsoft.Authorization/roleAssignments/write'} || @Request[Microsoft.Authorization/roleAssignments:PrincipalType] stringequalsignorecase 'user' && @Resource[Id] forallofanyvalues:stringlikeignorecase {'/subscriptions/*', 'subscriptions/*'}",
"ConditionVersion": "2.0"
}
],
"createdOn": "2025-05-06T15:13:45.441Z",
"updatedOn": "2025-05-06T15:13:45.441Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/5a966030-d6b2-4d2c-ba61-dbcf2f426586",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "5a966030-d6b2-4d2c-ba61-dbcf2f426586"
}
Effective Permissions
Operations granted by this role (7487 total)
Conditional Permissions
This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).
Permission Patterns (from role definition)
Actions
3 patterns
*/read
Microsoft.Authorization/roleAssignments/*
Microsoft.KeyVault/vaults/accessPolicies/write
Control Plane Operations (7487)
No matching operations
/ shown
Data Plane Operations (0)
No data plane operations granted