Storage Actions Task Assignment Contributor

Azure Built-in Role

Role Information

Details and metadata

Role ID: 77789c21-1643-48a2-8f27-47f858540b51
Type: BuiltInRole
Last Updated (Azure): 2025-09-16 15:14:52

Change History

Track all modifications to this role

2025-09-16 15:14:52 Created
+ {
+ "properties": {
+ "roleName": "Storage Actions Task Assignment Contributor",
+ "type": "BuiltInRole",
+ "description": "Used by the Storage Actions assigner to create a Task Assignment on their target Storage Account, with RBAC privileges for Managed Identity",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Authorization/*/read",
+ "Microsoft.Insights/alertRules/*",
+ "Microsoft.Resources/deployments/*",
+ "Microsoft.Resources/subscriptions/resourceGroups/read",
+ "Microsoft.Storage/storageAccounts/reports/read",
+ "Microsoft.Storage/storageAccounts/read",
+ "Microsoft.Storage/storageAccounts/blobServices/read",
+ "Microsoft.Storage/storageAccounts/storageTaskAssignments/read",
+ "Microsoft.Storage/storageAccounts/storageTaskAssignments/write",
+ "Microsoft.Storage/storageAccounts/storageTaskAssignments/delete",
+ "Microsoft.Storage/storageAccounts/storageTaskAssignments/reports/read"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ },
+ {
+ "actions": [
+ "Microsoft.Authorization/roleAssignments/write",
+ "Microsoft.Authorization/roleAssignments/delete"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": [],
+ "Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4bad4d9e2a13488894bbc8432f6f3040})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4bad4d9e2a13488894bbc8432f6f3040}))",
+ "ConditionVersion": "2.0"
+ }
+ ],
+ "createdOn": "2025-09-16T15:14:52.574Z",
+ "updatedOn": "2025-09-16T15:14:52.574Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/77789c21-1643-48a2-8f27-47f858540b51",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "77789c21-1643-48a2-8f27-47f858540b51"
+ }
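Review bot: in the second permissions block, the Condition limits roleAssignments/write and roleAssignments/delete only by RoleDefinitionId (GuidEquals{4bad4d9e2a13488894bbc8432f6f3040}); nothing in it restricts the principal type, although the description says the privileges are "for Managed Identity". Consider adding a principal-type clause to the condition, or stating in the description that the constrained role can be assigned to any principal, and name the role behind that GUID so the delegation can be audited without a separate lookup. Separately, the wildcards "Microsoft.Resources/deployments/*" and "Microsoft.Insights/alertRules/*" in the first block are not covered by the description; with assignableScopes set to "/", a one-line justification for each would help anyone reviewing assignments of this role.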

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Storage Actions Task Assignment Contributor",
    "type": "BuiltInRole",
    "description": "Used by the Storage Actions assigner to create a Task Assignment on their target Storage Account, with RBAC privileges for Managed Identity",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Storage/storageAccounts/reports/read",
          "Microsoft.Storage/storageAccounts/read",
          "Microsoft.Storage/storageAccounts/blobServices/read",
          "Microsoft.Storage/storageAccounts/storageTaskAssignments/read",
          "Microsoft.Storage/storageAccounts/storageTaskAssignments/write",
          "Microsoft.Storage/storageAccounts/storageTaskAssignments/delete",
          "Microsoft.Storage/storageAccounts/storageTaskAssignments/reports/read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      },
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4bad4d9e2a13488894bbc8432f6f3040})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4bad4d9e2a13488894bbc8432f6f3040}))",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2025-09-16T15:14:52.574Z",
    "updatedOn": "2025-09-16T15:14:52.574Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/77789c21-1643-48a2-8f27-47f858540b51",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "77789c21-1643-48a2-8f27-47f858540b51"
}

Effective Permissions

Operations granted by this role (57 total)

Conditional Permissions

This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).

Permission Patterns (from role definition)

Actions 13 patterns
Microsoft.Authorization/*/read
Microsoft.Insights/alertRules/*
Microsoft.Resources/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Storage/storageAccounts/reports/read
Microsoft.Storage/storageAccounts/read
Microsoft.Storage/storageAccounts/blobServices/read
Microsoft.Storage/storageAccounts/storageTaskAssignments/read
Microsoft.Storage/storageAccounts/storageTaskAssignments/write
Microsoft.Storage/storageAccounts/storageTaskAssignments/delete
Microsoft.Storage/storageAccounts/storageTaskAssignments/reports/read
Microsoft.Authorization/roleAssignments/write
Microsoft.Authorization/roleAssignments/delete

Control Plane Operations (57)

Data Plane Operations (0)

No data plane operations granted