Back to Dashboard

Microsoft Discovery Platform Administrator (Preview)

Azure Built-in Role

Role Information

Details and metadata

Role ID
7a2b6e6c-472e-4b39-8878-a26eb63d75c6
Type
BuiltInRole
Last Updated (Azure)
2025-07-25 17:13:20

Change History

Track all modifications to this role since 2025-12-15 01:08:16+00:00

2025-07-25 17:13:20 Initial Scan
View details 
{
  "properties": {
    "roleName": "Microsoft Discovery Platform Administrator (Preview)",
    "type": "BuiltInRole",
    "description": "Grants full access to manage Microsoft.Discovery resources. This role in preview and subjet to change.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Discovery/locations/operationStatuses/read",
          "Microsoft.Discovery/checkNameAvailability/action",
          "Microsoft.Discovery/*",
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Network/virtualNetworks/subnets/read",
          "Microsoft.Network/virtualNetworks/read",
          "Microsoft.Network/virtualNetworks/subnets/join/action",
          "Microsoft.Support/*",
          "Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "notActions": [],
        "dataActions": [
          "Microsoft.Discovery/*"
        ],
        "notDataActions": [],
        "Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4d97b98b-1d4f-4787-a291-c67834d212e7, f1a07417-d97a-45cb-824c-7a7467783830})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4d97b98b-1d4f-4787-a291-c67834d212e7, f1a07417-d97a-45cb-824c-7a7467783830}))",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2025-07-03T15:24:10.31Z",
    "updatedOn": "2025-07-25T17:13:20.284Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/7a2b6e6c-472e-4b39-8878-a26eb63d75c6",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "7a2b6e6c-472e-4b39-8878-a26eb63d75c6"
}

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Microsoft Discovery Platform Administrator (Preview)",
    "type": "BuiltInRole",
    "description": "Grants full access to manage Microsoft.Discovery resources. This role in preview and subjet to change.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Discovery/locations/operationStatuses/read",
          "Microsoft.Discovery/checkNameAvailability/action",
          "Microsoft.Discovery/*",
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Network/virtualNetworks/subnets/read",
          "Microsoft.Network/virtualNetworks/read",
          "Microsoft.Network/virtualNetworks/subnets/join/action",
          "Microsoft.Support/*",
          "Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "notActions": [],
        "dataActions": [
          "Microsoft.Discovery/*"
        ],
        "notDataActions": [],
        "Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4d97b98b-1d4f-4787-a291-c67834d212e7, f1a07417-d97a-45cb-824c-7a7467783830})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4d97b98b-1d4f-4787-a291-c67834d212e7, f1a07417-d97a-45cb-824c-7a7467783830}))",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2025-07-03T15:24:10.31Z",
    "updatedOn": "2025-07-25T17:13:20.284Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/7a2b6e6c-472e-4b39-8878-a26eb63d75c6",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "7a2b6e6c-472e-4b39-8878-a26eb63d75c6"
}

Effective Permissions

Operations granted by this role (122 total)

Conditional Permissions

This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).

Permission Patterns (from role definition)

Actions 13 patterns
Microsoft.Discovery/locations/operationStatuses/read Microsoft.Discovery/checkNameAvailability/action Microsoft.Discovery/* Microsoft.Authorization/*/read Microsoft.Insights/alertRules/* Microsoft.Resources/deployments/* Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.Network/virtualNetworks/subnets/read Microsoft.Network/virtualNetworks/read Microsoft.Network/virtualNetworks/subnets/join/action Microsoft.Support/* Microsoft.Authorization/roleAssignments/write Microsoft.Authorization/roleAssignments/delete
Data Actions 1 pattern
Microsoft.Discovery/*

Control Plane Operations (107)

Data Plane Operations (15)