Role Information
Details and metadata
7859c0b0-0bb9-4994-bd12-cd529af7d646
Change History
Track all modifications to this role since 2025-12-15 01:08:16+00:00
Updated On
Event Type
Summary & Details
2025-10-20 15:12:57
Initial Scan
Show full JSON
{
"properties": {
"roleName": "Azure Migrate Decide and Plan Expert",
"type": "BuiltInRole",
"description": "Grants restricted access on Azure Migrate project to only perform planning operations including appliance-based discovery, managing inventory, identifying server dependencies, creation of business case & assessment reports.",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/locations/read",
"Microsoft.Resources/checkResourceName/action",
"Microsoft.Resources/deploymentScripts/write",
"Microsoft.Resources/deploymentScripts/read",
"Microsoft.Resources/links/write",
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/locks/write",
"Microsoft.Authorization/locks/delete",
"Microsoft.Insights/alertRules/*",
"Microsoft.Migrate/*",
"Microsoft.ApplicationMigration/*",
"Microsoft.OffAzure/*",
"Microsoft.MySQLDiscovery/*",
"Microsoft.Support/*",
"Microsoft.DependencyMap/*",
"Microsoft.KeyVault/vaults/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/register/action",
"Microsoft.Network/virtualNetworks/subnets/write",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/virtualNetworks/join/action",
"Microsoft.Network/privateEndpoints/read",
"Microsoft.Network/privateEndpoints/write",
"Microsoft.Network/privateEndpoints/privateDnsZoneGroups/write",
"Microsoft.Network/privateDnsZones/write",
"Microsoft.Network/privateDnsZones/virtualNetworkLinks/write",
"Microsoft.Network/privateDnsZones/join/action",
"Microsoft.Network/privateDnsZones/A/write",
"Microsoft.Network/register/action",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/privateEndpoints/privateDnsZoneGroups/read",
"Microsoft.Storage/storageAccounts/*/read",
"Microsoft.Storage/storageAccounts/*/write",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.GuestConfiguration/register/action",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.DataReplication/*/read",
"Microsoft.DataReplication/register/action",
"Microsoft.DataReplication/replicationVaults/write",
"Microsoft.RecoveryServices/vaults/*",
"Microsoft.RecoveryServices/register/action",
"Microsoft.KeyVault/register/action",
"Microsoft.AzureArcData/register/action",
"Microsoft.Resources/links/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"createdOn": "2025-09-09T09:00:55.23Z",
"updatedOn": "2025-10-20T15:12:57.181Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/7859c0b0-0bb9-4994-bd12-cd529af7d646",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "7859c0b0-0bb9-4994-bd12-cd529af7d646"
}
2025-10-20 15:12:57
Initial Scan
View details
{
"properties": {
"roleName": "Azure Migrate Decide and Plan Expert",
"type": "BuiltInRole",
"description": "Grants restricted access on Azure Migrate project to only perform planning operations including appliance-based discovery, managing inventory, identifying server dependencies, creation of business case & assessment reports.",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/locations/read",
"Microsoft.Resources/checkResourceName/action",
"Microsoft.Resources/deploymentScripts/write",
"Microsoft.Resources/deploymentScripts/read",
"Microsoft.Resources/links/write",
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/locks/write",
"Microsoft.Authorization/locks/delete",
"Microsoft.Insights/alertRules/*",
"Microsoft.Migrate/*",
"Microsoft.ApplicationMigration/*",
"Microsoft.OffAzure/*",
"Microsoft.MySQLDiscovery/*",
"Microsoft.Support/*",
"Microsoft.DependencyMap/*",
"Microsoft.KeyVault/vaults/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/register/action",
"Microsoft.Network/virtualNetworks/subnets/write",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/virtualNetworks/join/action",
"Microsoft.Network/privateEndpoints/read",
"Microsoft.Network/privateEndpoints/write",
"Microsoft.Network/privateEndpoints/privateDnsZoneGroups/write",
"Microsoft.Network/privateDnsZones/write",
"Microsoft.Network/privateDnsZones/virtualNetworkLinks/write",
"Microsoft.Network/privateDnsZones/join/action",
"Microsoft.Network/privateDnsZones/A/write",
"Microsoft.Network/register/action",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/privateEndpoints/privateDnsZoneGroups/read",
"Microsoft.Storage/storageAccounts/*/read",
"Microsoft.Storage/storageAccounts/*/write",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.GuestConfiguration/register/action",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.DataReplication/*/read",
"Microsoft.DataReplication/register/action",
"Microsoft.DataReplication/replicationVaults/write",
"Microsoft.RecoveryServices/vaults/*",
"Microsoft.RecoveryServices/register/action",
"Microsoft.KeyVault/register/action",
"Microsoft.AzureArcData/register/action",
"Microsoft.Resources/links/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"createdOn": "2025-09-09T09:00:55.23Z",
"updatedOn": "2025-10-20T15:12:57.181Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/7859c0b0-0bb9-4994-bd12-cd529af7d646",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "7859c0b0-0bb9-4994-bd12-cd529af7d646"
}
Latest Role JSON
Raw definition from Azure
{
"properties": {
"roleName": "Azure Migrate Decide and Plan Expert",
"type": "BuiltInRole",
"description": "Grants restricted access on Azure Migrate project to only perform planning operations including appliance-based discovery, managing inventory, identifying server dependencies, creation of business case & assessment reports.",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/locations/read",
"Microsoft.Resources/checkResourceName/action",
"Microsoft.Resources/deploymentScripts/write",
"Microsoft.Resources/deploymentScripts/read",
"Microsoft.Resources/links/write",
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/locks/write",
"Microsoft.Authorization/locks/delete",
"Microsoft.Insights/alertRules/*",
"Microsoft.Migrate/*",
"Microsoft.ApplicationMigration/*",
"Microsoft.OffAzure/*",
"Microsoft.MySQLDiscovery/*",
"Microsoft.Support/*",
"Microsoft.DependencyMap/*",
"Microsoft.KeyVault/vaults/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/register/action",
"Microsoft.Network/virtualNetworks/subnets/write",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/virtualNetworks/join/action",
"Microsoft.Network/privateEndpoints/read",
"Microsoft.Network/privateEndpoints/write",
"Microsoft.Network/privateEndpoints/privateDnsZoneGroups/write",
"Microsoft.Network/privateDnsZones/write",
"Microsoft.Network/privateDnsZones/virtualNetworkLinks/write",
"Microsoft.Network/privateDnsZones/join/action",
"Microsoft.Network/privateDnsZones/A/write",
"Microsoft.Network/register/action",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/privateEndpoints/privateDnsZoneGroups/read",
"Microsoft.Storage/storageAccounts/*/read",
"Microsoft.Storage/storageAccounts/*/write",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.GuestConfiguration/register/action",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.DataReplication/*/read",
"Microsoft.DataReplication/register/action",
"Microsoft.DataReplication/replicationVaults/write",
"Microsoft.RecoveryServices/vaults/*",
"Microsoft.RecoveryServices/register/action",
"Microsoft.KeyVault/register/action",
"Microsoft.AzureArcData/register/action",
"Microsoft.Resources/links/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"createdOn": "2025-09-09T09:00:55.23Z",
"updatedOn": "2025-10-20T15:12:57.181Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/7859c0b0-0bb9-4994-bd12-cd529af7d646",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "7859c0b0-0bb9-4994-bd12-cd529af7d646"
}
Effective Permissions
Operations granted by this role (1048 total)
Permission Patterns (from role definition)
Actions
51 patterns
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Resources/subscriptions/read
Microsoft.Resources/deployments/*
Microsoft.Resources/subscriptions/locations/read
Microsoft.Resources/checkResourceName/action
Microsoft.Resources/deploymentScripts/write
Microsoft.Resources/deploymentScripts/read
Microsoft.Resources/links/write
Microsoft.Authorization/*/read
Microsoft.Authorization/locks/write
Microsoft.Authorization/locks/delete
Microsoft.Insights/alertRules/*
Microsoft.Migrate/*
Microsoft.ApplicationMigration/*
Microsoft.OffAzure/*
Microsoft.MySQLDiscovery/*
Microsoft.Support/*
Microsoft.DependencyMap/*
Microsoft.KeyVault/vaults/*
Microsoft.KeyVault/checkNameAvailability/read
Microsoft.HybridCompute/machines/read
Microsoft.HybridCompute/machines/write
Microsoft.HybridCompute/machines/delete
Microsoft.HybridCompute/register/action
Microsoft.Network/virtualNetworks/subnets/write
Microsoft.Network/virtualNetworks/subnets/join/action
Microsoft.Network/networkSecurityGroups/join/action
Microsoft.Network/virtualNetworks/join/action
Microsoft.Network/privateEndpoints/read
Microsoft.Network/privateEndpoints/write
Microsoft.Network/privateEndpoints/privateDnsZoneGroups/write
Microsoft.Network/privateDnsZones/write
Microsoft.Network/privateDnsZones/virtualNetworkLinks/write
Microsoft.Network/privateDnsZones/join/action
Microsoft.Network/privateDnsZones/A/write
Microsoft.Network/register/action
Microsoft.Network/virtualNetworks/subnets/read
Microsoft.Network/privateEndpoints/privateDnsZoneGroups/read
Microsoft.Storage/storageAccounts/*/read
Microsoft.Storage/storageAccounts/*/write
Microsoft.Storage/storageAccounts/listKeys/action
Microsoft.GuestConfiguration/register/action
Microsoft.HybridConnectivity/register/action
Microsoft.DataReplication/*/read
Microsoft.DataReplication/register/action
Microsoft.DataReplication/replicationVaults/write
Microsoft.RecoveryServices/vaults/*
Microsoft.RecoveryServices/register/action
Microsoft.KeyVault/register/action
Microsoft.AzureArcData/register/action
Microsoft.Resources/links/read
Control Plane Operations (1048)
No matching operations
/ shown
Data Plane Operations (0)
No data plane operations granted